-testing timeout

Jesse Keating jkeating at j2solutions.net
Sat Jan 31 21:25:57 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 31 January 2004 13:09, Todd wrote:
> Jesse Keating wrote:
> > So we've got ethereal in -testing, and it's been there since the
> > 22'nd, but nobody has touched it (except for Jonny on 7.3 according
> > to an un-signed bugzilla message).
> >
> > I think that we should have a -testing timeout and if nobody reports
> > on it after a week, it gets pushed out as an update, due to all the
> > verification that happened to get it into the published state.
> > Given this policy, ethereal would be a candidate for release today
> > (well day before yesterday but who's counting).  If nobody objects
> > to this policy, I'll push ethereal out today.
>
> I was just going to run some tests on 7.2, 7.3, and 8.0 today and/or
> tomorrow.  That's the only other package in -testing, AFAIK, right?

Correct.

> One thing I'd be wary of with pushing an update from testing just
> based on a timeout is how we'd know if anyone had bothered using it.
> I don't make use of ethereal on a regular basis, so just because I've
> updated my systems against updates-testing doesn't mean I've even
> picked up ethereal, let alone tested it at all.

This is true, but the package went under a lot of scrutiny before it ever 
made it to updates-testing.  There is a round of source review in the bug 
before I ever push it to -testing.  -testing is just for verification.

> I'd feel more comfortable knowing that the legacy project actually
> tested things before pushing them out.  Not doing so could come back
> and bite us in the ass when some package breaks something that should
> have been caught in testing.  I know what you're saying about the
> prior testing that goes into getting it to testing.  Maybe that is
> enough.  If we end up pushing out updates without any verification in
> production, we'll have to hope that it is.

I'd prefer to see every package get through testing as well, but I also 
don't want to sit on a security update for over a week when we could push 
it.

> Just to keep fresh on what else remains to be done, there's slocate
> which still hasn't made it there yet, it needs more PUBLISH votes I
> believe.

Yes, slocate 2.7 needs more PUBLISH votes.  We are upgrading rather than 
updating, so a very close inspection is needed.

> What other security fixes are there?  Gaim is still up in the air as
> far as whether the 0.59 version is affect, correct?

We've made the decision to upgrade gaim due to protocol issues.  Please 
test the new version in the bug.

> The other things I see in bugzilla are either bugfixes (mc, rpm2html)

mc needs testing as well.  I had planned on working on mc this weekend 
(maybe tonight)

rpm2html I haven't looked at yet.  Part of that rpm upgrade thing.

> or things for legacy-utils (apt, synaptic, fedora-rpmdevtools).

apt/yum needs to be spun for 8.0, synaptic I guess needs looking at, I've 
never ever touched it though, so I'm not exactly comfortable doing the 
work.  fedora-rpmdevtools needs looking at, probably has to be modified to 
work well w/ Legacy.  Is anybody even interested in it?

- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
Mondo DevTeam		(www.mondorescue.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAHB1l4v2HLvE71NURAmeOAJ0eBC4avx7P5ZdzL852EMkl5yQ1QgCeIUX/
yL4YR0TMjUcJG6Sa9iz88Xo=
=82mV
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list