diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-July/017186.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-July/017186.html | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-July/017186.html b/zarb-ml/mageia-dev/2012-July/017186.html new file mode 100644 index 000000000..986687cc0 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-July/017186.html @@ -0,0 +1,165 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%0A%20forgot%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C4FF630D9.6090007%40laposte.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="017179.html"> + <LINK REL="Next" HREF="017188.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)</H1> + <B>andre999</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%0A%20forgot%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C4FF630D9.6090007%40laposte.net%3E" + TITLE="[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)">andre999mga at laposte.net + </A><BR> + <I>Fri Jul 6 02:27:05 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="017179.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI>Next message: <A HREF="017188.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17186">[ date ]</a> + <a href="thread.html#17186">[ thread ]</a> + <a href="subject.html#17186">[ subject ]</a> + <a href="author.html#17186">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>AL13N a écrit : +><i> Op donderdag 5 juli 2012 21:31:50 schreef Guillaume Rousse: +</I>><i> +</I>>><i> I spent some time today to help the QA team to manage those pending +</I>>><i> security updates. And for the second time in a week, I've been facing +</I>>><i> rather unpleasant attitude from someone else from the same team: +</I>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=5939">https://bugs.mageia.org/show_bug.cgi?id=5939</A> +</I>>><i> +</I>>><i> I wonder how we're supposed to work together when expressing an opinion +</I>>><i> about issues prioritization expose you to harsh comment from someone +</I>>><i> unable to express his disagreement without agressivity. That's not much +</I>>><i> point ressorting to "we're all in the same boat" kind of metaphor during +</I>>><i> IRC meeting to thereafter suggest to leave the board to people +</I>>><i> expressing concerns about the boat heading... +</I>>><i> +</I>>><i> So, before any further contribution from my side, I'd like the people in +</I>>><i> charge of security updates to find some internal agreement about what +</I>>><i> kind of help they expect from other people exactly. If that's just to +</I>>><i> push a non-discussable list of changes into spec files, they could as +</I>>><i> well ask for SVN commit and package submission rights, to do it +</I>>><i> directly. This would avoid a large amount of anger and frustration for +</I>>><i> everyone. +</I>>><i> +</I>><i> this is a good point: "BTW, a missing dependency should not be +</I>><i> considered a blocking issue as it can be easily fixed by the end user. +</I>><i> Especially for a security update, as he probably already done it." +</I>><i> +</I> +Although if it can be easily added, why not do it ? Even if only a +suggest ? +><i> also, not sure, but it seems the tester was unawere of perl-CGI-Fast being not +</I>><i> really required (i think). +</I>><i> +</I> +According to the comments in the bug, an optional package was required +by the default config file, even if the package was not installed. That +is a real bug. +Adding a suggest is a temporary, and not permanent fix, as suggests +don't have to be installed. Although the permanent fix could be done later. + +This brings up another improvement that is needed in the install +routines. Suggests should be treated as suggests, with confirmation +from the user on install. As such, QA could more readily test and find +such bugs. + +><i> still, IRC meeting yesterday seemed to conclude that security or major bug +</I>><i> updates cannot be majorly delayed by bugs, it is however ok, to ask packager +</I>><i> to do a quick fix for something at the same time. +</I>><i> +</I>><i> still, for this issue, it seems also that there was a month delay due to not +</I>><i> setting assigned back. or even setting NEEDINFO. +</I>><i> +</I>><i> also, i notice that noone seemed to have pointed out the tester that in fact +</I>><i> that dependency isn't required. +</I>><i> +</I>><i> i also see that some sentences look harsh to one of both sides here. (or at +</I>><i> least to me). +</I>><i> +</I>><i> i think we need to understand that: +</I>><i> +</I>><i> A. QA team has responsibility on validation of update +</I>><i> - thus they decide validated or not +</I>><i> - if they find a non-regression bug, they can ask packagers to fix at the same +</I>><i> time, but for major and security bugs, this should not be waited for, in such +</I>><i> a case, a separate bug can be made and this one validated. +</I>><i> - however, i can also understand that due to the amount of updates needed +</I>><i> validation, that such a wait, could be instead of 1 day, easily amount to a +</I>><i> few weeks, without this being intentional. +</I>><i> - so, i would ask that QA, try to get the packager on IRC (or email) and if +</I>><i> the packager isn't immediately available, to still continue to validate and +</I>><i> possibly make a new bug report on it. so that "bugs" or "features" can still +</I>><i> be discussed if need be. +</I>><i> - give that packagers are responsible for their package (and likely know it +</I>><i> better than QA team), i would state that they are also responsible for +</I>><i> deciding need or no (immediate) need for extra change before validation. +</I>><i> +</I>><i> B. QA team tests and finds bugs, and the reality of their pov is that if they'd +</I>><i> put bugs they find in a separate BR, it often doesn't get fixed, and thus each +</I>><i> validation test for all newer security patches, they hit the same bug for +</I>><i> testing; which causes them frustration. +</I>><i> +</I>><i> C. However, some packages need quite some configuration to get it to run to +</I>><i> test, so packagers are allowed to add a small list of how to reproduce, or +</I>><i> even configure it to run. as this will likely make for faster testing, and also +</I>><i> less possibilities of misunderstanding a possible missing requirement. +</I>><i> +</I>><i> Personally, I think regarding this quite some things could've been done +</I>><i> better, but we can't have it all. +</I>><i> +</I>><i> i don't think there's a golden rule for this, and given our limited resources, +</I>><i> i guess we (both teams) will have to bear with this. +</I>><i> +</I>><i> +</I>><i> PS: i'm just putting my nose in matter that don't concern me here, but i'm +</I>><i> just trying to understand both sides, i'm not trying to offend anyone, or to +</I>><i> belittle any of the issues involved. +</I>><i> +</I>+1 + +Sometimes when things get frustrating, a few kind words from both sides +can help a lot. +And maybe step back and smile a little. +But it certainly can be difficult. + +-- +André + +</PRE> + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="017179.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI>Next message: <A HREF="017188.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17186">[ date ]</a> + <a href="thread.html#17186">[ thread ]</a> + <a href="subject.html#17186">[ subject ]</a> + <a href="author.html#17186">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |