Separating the roles of the QA process
Marc Deslauriers
marcdeslauriers at videotron.ca
Fri Dec 17 05:26:17 UTC 2004
On Thu, 2004-12-16 at 09:01 +0200, Pekka Savola wrote:
> 2) The PUBLISH QA is only obligated to check that the modifications
> seem OK -- the sources have not been tampered with, the patches come
> from some reliable source or are otherwise OK, the spec file changes
> are minor, etc.
I agree with this...the binaries provided by the packagers don't reflect
the binaries that mach will produce when the packages get pushed to
updates-testing, so I don't see the point in looking at them...
> 3) the VERIFY QA is obligated to:
> - check the GPG signature and checksum of the packages
> - install it, run it, test if it works.
> - running rpm-build-compare.sh on the binaries to see if there have
> been any significant changes (e.g., to the libraries used)
rpm-build-compare.sh is usually run after building in mach and before
posting to updates-testing. I don't think this should be mandatory for
people to give a VERIFY as it will require more work than they will
probably be willing to do. That said, if anyone actually does it, it's
definitely a plus...
> Justification: currently PUBLISH QA is not being done especially for
> obscure packages that no one is really using, because it's difficult
> to rebuild and install and test them. We need to make this available
> to *anyone*, even to those who don't run the Red Hat version in
> question.
>
I agree.
> This makes updates-testing a bit more literally "testing", but IMHO
> that's not a problem.
>
Agreed.
Marc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20041217/549be3c7/attachment.sig>
More information about the fedora-legacy-list
mailing list