changes are needed, we need keep moving

Pekka Savola pekkas at netcore.fi
Mon Jun 6 20:14:16 UTC 2005 

On Sat, 4 Jun 2005, Eric Rostetter wrote:
> Quoting Pekka Savola <pekkas at netcore.fi>:
>> On Fri, 3 Jun 2005, Eric Rostetter wrote:
>>> Seriously, if we can't get 2 votes for a package, then there is a real
>>> problem going on.
>>
>> It's pretty clear we've had a real problem going on for a long time.
>
> Well, the urgency hasn't been made apparent enough.  I'm serious here.
> I'm involved in the project, and I didn't know there was as big a problem
> as we have.  So how would people not involved know?

Umm, how plainly do you want to get it?  At least I have tried to get 
people realize that these updates don't happen just by themselves, but 
if you refuse to believe it (or just prefer to wait for the others do 
the work), there isn't all that much to be done.

A couple of examples,

https://www.redhat.com/archives/fedora-legacy-list/2005-February/msg00168.html
https://www.redhat.com/archives/fedora-legacy-list/2005-March/msg00142.html
https://www.redhat.com/archives/fedora-legacy-list/2005-March/msg00254.html
https://www.redhat.com/archives/fedora-legacy-list/2005-March/msg00269.html [close to end]
https://www.redhat.com/archives/fedora-legacy-list/2005-May/msg00065.html

How should folks (me and others) have said it instead to make it 
sufficently plain that there's a problem?

>> (A smaller, specific instance of lack of testing seems to be that
>> sufficiently many people aren't interested in FC1/FC2 and lack of
>> verifies for those stall the updates for other distros.)
>
> That is, IMHO, a separate issue.  Lack of votes for any OS is the
> problem, not lack of votes for a particular OS.  We could work around
> the lack of votes for a particular OS, but we can't work around a
> total lack of votes.

I think obtaining two verify votes (for any OS version) would still be 
feasible at this point.  For more than that (like 1 x OS or 2 x OS 
version) won't really cut it.

>>> That isn't the point of the project though.  It would be much better to
>>> get two votes.  Heck, if you do one, and I do one, we're done.  The only
>>> time that would be a problem is the once or twice a year we go on vacation.
>>
>> That doesn't seem to have happened all that much, however.
>
> Then let's make it happen, okay?

I encourage you to to do it.

However, I want the project to do something _now_, not in some 
unspecified time in the future (when/if willing testers have been 
recruited).  Just going on as before is unacceptable at this point.

>>>> That said, I could also live with two verify votes (for any version)
>>>> plus the similar timeout, but I think timeliness is more important.
>>>
>>> I can agree to 2 votes plus timeout.  If we give 2 weeks for the votes,
>>> and 2 additional weeks for the timeout, then everything is done in one
>>> month.  Sounds reasonable to me.
>>
>> 4 weeks is a long time for more important security bugs.  2 weeks is
>> maximum after the stuff has been pushed to updates-testing (which
>> typically has also taken quite a while).
>
> I think if it is a important security bug, it will not need the timeout
> as much.  I don't want to rush the less important updates though.  Yes,
> there's a judgement call as to what is important and what isn't.  But
> let's try the longer timeout and see how it works.  If it doesn't work,
> we can go back and shorten it.

There have been bugs like php, perl, kernel etc. which have been in 
progress for a very long time, and the problems have been significant.

I suggest we make sufficiently big changes now (two weeks), and based 
on the results, adjust as appropriate.  Remember, it's two weeks from 
the first VERIFY.  Usually getting even that may take a while.  If 
folks agree that it should be two VERIFY votes, I could accept (4 
weeks from the first verify) || (2 weeks from the second verify), 
whichever is the soonest.

>>>> FYI, one verify vote is sufficient to VERIFY a distro version right
>>>> now, so this is why I said one measly verify vote.
>>>
>>> I wasn't aware of this; last I knew we still needed two votes.  How/when
>>> did this change?
>>
>> A long time ago, maybe a bit over 6 months or so ago.
>
> Strange that as the web site, FAQ, etc. maintainer I'm so out of touch
> with reality.

Well, the change was done in Wiki, so it didn't require action from 
you.  Not looking at wiki or actively testing packages may not reveal 
such changes which are required to keep us moving.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

More information about the fedora-legacy-list mailing list