issues list(s)

Eric Rostetter rostetter at mail.utexas.edu
Sat Sep 24 20:19:38 UTC 2005 

Quoting Pekka Savola <pekkas at netcore.fi>:

> On Fri, 23 Sep 2005, Eric Rostetter wrote:
> >> I didn't yet update the PUBLISH votes, because the patches need to be
> >> verified, check the requirements at:
> >>
> >> http://www.fedoraproject.org/wiki/Legacy/QAPublish
> >
> > That doesn't explicitely state that I must do so.  If each of the things
> > there *must* be done, then you need to make that more clear, and restate
> > things that are optional as being optional, and restate what you mean since
> > it isn't clear.
> 
> It should: the first three steps are mandatory.  I tried to see if I
> could add clarification on this, but apparently I don't have the edit
> rights for the page (shouldn't it be more open?)

It isn't open any more due to the spam/abuse it was receiving previously.

The "Required checklist" is at the bottom of the page.  It says

"Patches should be mainly taken from publicly available sources, e.g., other
distributions such as RHEL, so that their correctness can be more easily verified."

I didn't read this as "I need to do a direct comparison of the patch source
code with the upstream provider's patch source code."  So maybe it should
be made more explicit.

> The latter bullet points are optional (which is mentioned there),
> implying (but not saying) that the previous ones are mandatory.

I wouldn't count on that being interpreted that way.  Especially since
at the bottom of the page you have a "Required Checklist" for Publish
which differs from the list at the top that you are trying to say is
the required checklist.

> > No, I don't run FC1.

Yes, I said that, but it is wrong.  Since you don't want me to actually
test the code (which I did before) I don't need to run the code, so it
doesn't matter that I don't run FC1, so I now retract that stupid statement.
 
> As you wish, but note that giving PUBLISH votes does not require one
> to run the OS version in question.  I.e., it is not required to test
> the package; just reviewing 1) source integrity, 2) the .spec file,
> and 3) the new patches [if they come from an already-QA'd source] is
> sufficient.

I thought that was what I did, but you say I didn't since I didn't do
a literal comparison of sources, but the wiki is unclear as to what needs
to be done...

> I'm a bit impartial in this because I proposed the packages in the
> first place, but I think verifying the patches is essential.  Even
> thorough testing of the packages may not show problems if the patch is
> not (quite) right.


True.  If I can get the time Monday I'll try  to redo the tests.
But someone really needs to re-write the wiki page, and when Pekka asks
for help with QA he needs to make sure he says only PUBLISH votes following
the wiki required checklist will be accepted.  This requirement does not
exist for VERIFY votes, and that should probably also be noted in Pekka's
mails.  This will avoid the confusion in the future.


> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> 
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list
> 


-- 
Eric Rostetter

More information about the fedora-legacy-list mailing list