Fwd: Re: releasing updates-testing packages without VERIFY votes
Benjamin Smith
lists at benjamindsmith.com
Tue Sep 27 17:36:46 UTC 2005
On Friday 23 September 2005 10:03, William Stockall wrote:
> I concur with Mr. McCarty. If untested updates are moved in with the
> tested updates then NONE of the updates can be trusted. Who wants to go
> back to the bug entry to check for sure if an update actually got tested
> prior to rolling it out?

So don't release them to the same place...

What if a repo is set up just for these timed out packages, and if somebody
wants to use them, they can set their yum.conf to include this "semi-trusted"
repository?

If the package is given a name like

    bison-1.28-7.FEDORA-LEGACY-TIMEDOUT

then it would be easy to see what you have installed that you might consider
checking out by piping the output from "rpm -qa" through grep.

I think this answers both sides of the equation; the underlying question seems
to be "Does the risk of not publishing security updates exceed the risk of
installing untested packages?"

Would this add much to the administrative overhead for these packages?

-Ben
--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978