-testing timeout
Jesse Keating
jkeating at j2solutions.net
Sat Jan 31 21:25:57 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 31 January 2004 13:09, Todd wrote:
> Jesse Keating wrote:
> > So we've got ethereal in -testing, and it's been there since the
> > 22'nd, but nobody has touched it (except for Jonny on 7.3 according
> > to an un-signed bugzilla message).
> >
> > I think that we should have a -testing timeout and if nobody reports
> > on it after a week, it gets pushed out as an update, due to all the
> > verification that happened to get it into the published state.
> > Given this policy, ethereal would be a candidate for release today
> > (well day before yesterday but who's counting). If nobody objects
> > to this policy, I'll push ethereal out today.
>
> I was just going to run some tests on 7.2, 7.3, and 8.0 today and/or
> tomorrow. That's the only other package in -testing, AFAIK, right?
Correct.
> One thing I'd be wary of with pushing an update from testing just
> based on a timeout is how we'd know if anyone had bothered using it.
> I don't make use of ethereal on a regular basis, so just because I've
> updated my systems against updates-testing doesn't mean I've even
> picked up ethereal, let alone tested it at all.
This is true, but the package went under a lot of scrutiny before it ever
made it to updates-testing. There is a round of source review in the bug
before I ever push it to -testing. -testing is just for verification.
> I'd feel more comfortable knowing that the legacy project actually
> tested things before pushing them out. Not doing so could come back
> and bite us in the ass when some package breaks something that should
> have been caught in testing. I know what you're saying about the
> prior testing that goes into getting it to testing. Maybe that is
> enough. If we end up pushing out updates without any verification in
> production, we'll have to hope that it is.
I'd prefer to see every package get through testing as well, but I also
don't want to sit on a security update for over a week when we could push
it.
> Just to keep fresh on what else remains to be done, there's slocate
> which still hasn't made it there yet, it needs more PUBLISH votes I
> believe.
Yes, slocate 2.7 needs more PUBLISH votes. We are upgrading rather than
updating, so a very close inspection is needed.
> What other security fixes are there? Gaim is still up in the air as
> far as whether the 0.59 version is affect, correct?
We've made the decision to upgrade gaim due to protocol issues. Please
test the new version in the bug.
> The other things I see in bugzilla are either bugfixes (mc, rpm2html)
mc needs testing as well. I had planned on working on mc this weekend
(maybe tonight)
rpm2html I haven't looked at yet. Part of that rpm upgrade thing.
> or things for legacy-utils (apt, synaptic, fedora-rpmdevtools).
apt/yum needs to be spun for 8.0, synaptic I guess needs looking at, I've
never ever touched it though, so I'm not exactly comfortable doing the
work. fedora-rpmdevtools needs looking at, probably has to be modified to
work well w/ Legacy. Is anybody even interested in it?
- --
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
Mondo DevTeam (www.mondorescue.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAHB1l4v2HLvE71NURAmeOAJ0eBC4avx7P5ZdzL852EMkl5yQ1QgCeIUX/
yL4YR0TMjUcJG6Sa9iz88Xo=
=82mV
-----END PGP SIGNATURE-----
More information about the fedora-legacy-list
mailing list