summaryrefslogtreecommitdiffstats
path: root/zarb-ml/mageia-dev/2012-July/017179.html
diff options
context:
space:
mode:
Diffstat (limited to 'zarb-ml/mageia-dev/2012-July/017179.html')
-rw-r--r--zarb-ml/mageia-dev/2012-July/017179.html149
1 files changed, 149 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-July/017179.html b/zarb-ml/mageia-dev/2012-July/017179.html
new file mode 100644
index 000000000..eda5df18d
--- /dev/null
+++ b/zarb-ml/mageia-dev/2012-July/017179.html
@@ -0,0 +1,149 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%20forgot%0A%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C2430177.cHTmxHnoaM%40localhost%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="017177.html">
+ <LINK REL="Next" HREF="017186.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)</H1>
+ <B>AL13N</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%20forgot%0A%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C2430177.cHTmxHnoaM%40localhost%3E"
+ TITLE="[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)">alien at rmail.be
+ </A><BR>
+ <I>Thu Jul 5 22:24:23 CEST 2012</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="017177.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
+</A></li>
+ <LI>Next message: <A HREF="017186.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#17179">[ date ]</a>
+ <a href="thread.html#17179">[ thread ]</a>
+ <a href="subject.html#17179">[ subject ]</a>
+ <a href="author.html#17179">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Op donderdag 5 juli 2012 21:31:50 schreef Guillaume Rousse:
+&gt;<i> Le 04/07/2012 01:21, David Walser a &#233;crit :
+</I>&gt;<i> &gt; Sorry, think I've got them all now.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; For avidemux and gstreamer0.10-ffmpeg in Mageia 1, it may be sufficient to
+</I>&gt;<i> &gt; borrow the patches from the mplayer update.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; For avidemux in Mageia 2, patches will need to be pulled from ffmpeg GIT.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6427">https://bugs.mageia.org/show_bug.cgi?id=6427</A>
+</I>&gt;<i>
+</I>&gt;<i> I spent some time today to help the QA team to manage those pending
+</I>&gt;<i> security updates. And for the second time in a week, I've been facing
+</I>&gt;<i> rather unpleasant attitude from someone else from the same team:
+</I>&gt;<i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=5939">https://bugs.mageia.org/show_bug.cgi?id=5939</A>
+</I>&gt;<i>
+</I>&gt;<i> I wonder how we're supposed to work together when expressing an opinion
+</I>&gt;<i> about issues prioritization expose you to harsh comment from someone
+</I>&gt;<i> unable to express his disagreement without agressivity. That's not much
+</I>&gt;<i> point ressorting to &quot;we're all in the same boat&quot; kind of metaphor during
+</I>&gt;<i> IRC meeting to thereafter suggest to leave the board to people
+</I>&gt;<i> expressing concerns about the boat heading...
+</I>&gt;<i>
+</I>&gt;<i> So, before any further contribution from my side, I'd like the people in
+</I>&gt;<i> charge of security updates to find some internal agreement about what
+</I>&gt;<i> kind of help they expect from other people exactly. If that's just to
+</I>&gt;<i> push a non-discussable list of changes into spec files, they could as
+</I>&gt;<i> well ask for SVN commit and package submission rights, to do it
+</I>&gt;<i> directly. This would avoid a large amount of anger and frustration for
+</I>&gt;<i> everyone.
+</I>
+this is a good point: &quot;BTW, a missing dependency should not be
+considered a blocking issue as it can be easily fixed by the end user.
+Especially for a security update, as he probably already done it.&quot;
+
+also, not sure, but it seems the tester was unawere of perl-CGI-Fast being not
+really required (i think).
+
+still, IRC meeting yesterday seemed to conclude that security or major bug
+updates cannot be majorly delayed by bugs, it is however ok, to ask packager
+to do a quick fix for something at the same time.
+
+still, for this issue, it seems also that there was a month delay due to not
+setting assigned back. or even setting NEEDINFO.
+
+also, i notice that noone seemed to have pointed out the tester that in fact
+that dependency isn't required.
+
+i also see that some sentences look harsh to one of both sides here. (or at
+least to me).
+
+i think we need to understand that:
+
+A. QA team has responsibility on validation of update
+ - thus they decide validated or not
+ - if they find a non-regression bug, they can ask packagers to fix at the same
+time, but for major and security bugs, this should not be waited for, in such
+a case, a separate bug can be made and this one validated.
+ - however, i can also understand that due to the amount of updates needed
+validation, that such a wait, could be instead of 1 day, easily amount to a
+few weeks, without this being intentional.
+ - so, i would ask that QA, try to get the packager on IRC (or email) and if
+the packager isn't immediately available, to still continue to validate and
+possibly make a new bug report on it. so that &quot;bugs&quot; or &quot;features&quot; can still
+be discussed if need be.
+ - give that packagers are responsible for their package (and likely know it
+better than QA team), i would state that they are also responsible for
+deciding need or no (immediate) need for extra change before validation.
+
+B. QA team tests and finds bugs, and the reality of their pov is that if they'd
+put bugs they find in a separate BR, it often doesn't get fixed, and thus each
+validation test for all newer security patches, they hit the same bug for
+testing; which causes them frustration.
+
+C. However, some packages need quite some configuration to get it to run to
+test, so packagers are allowed to add a small list of how to reproduce, or
+even configure it to run. as this will likely make for faster testing, and also
+less possibilities of misunderstanding a possible missing requirement.
+
+Personally, I think regarding this quite some things could've been done
+better, but we can't have it all.
+
+i don't think there's a golden rule for this, and given our limited resources,
+i guess we (both teams) will have to bear with this.
+
+
+PS: i'm just putting my nose in matter that don't concern me here, but i'm
+just trying to understand both sides, i'm not trying to offend anyone, or to
+belittle any of the issues involved.
+</PRE>
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="017177.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
+</A></li>
+ <LI>Next message: <A HREF="017186.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#17179">[ date ]</a>
+ <a href="thread.html#17179">[ thread ]</a>
+ <a href="subject.html#17179">[ subject ]</a>
+ <a href="author.html#17179">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>