diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-July/017179.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-July/017179.html | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-July/017179.html b/zarb-ml/mageia-dev/2012-July/017179.html new file mode 100644 index 000000000..eda5df18d --- /dev/null +++ b/zarb-ml/mageia-dev/2012-July/017179.html @@ -0,0 +1,149 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%20forgot%0A%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C2430177.cHTmxHnoaM%40localhost%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="017177.html"> + <LINK REL="Next" HREF="017186.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)</H1> + <B>AL13N</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%20forgot%0A%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C2430177.cHTmxHnoaM%40localhost%3E" + TITLE="[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)">alien at rmail.be + </A><BR> + <I>Thu Jul 5 22:24:23 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="017177.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI>Next message: <A HREF="017186.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17179">[ date ]</a> + <a href="thread.html#17179">[ thread ]</a> + <a href="subject.html#17179">[ subject ]</a> + <a href="author.html#17179">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Op donderdag 5 juli 2012 21:31:50 schreef Guillaume Rousse: +><i> Le 04/07/2012 01:21, David Walser a écrit : +</I>><i> > Sorry, think I've got them all now. +</I>><i> > +</I>><i> > For avidemux and gstreamer0.10-ffmpeg in Mageia 1, it may be sufficient to +</I>><i> > borrow the patches from the mplayer update. +</I>><i> > +</I>><i> > For avidemux in Mageia 2, patches will need to be pulled from ffmpeg GIT. +</I>><i> > +</I>><i> > <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6427">https://bugs.mageia.org/show_bug.cgi?id=6427</A> +</I>><i> +</I>><i> I spent some time today to help the QA team to manage those pending +</I>><i> security updates. And for the second time in a week, I've been facing +</I>><i> rather unpleasant attitude from someone else from the same team: +</I>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=5939">https://bugs.mageia.org/show_bug.cgi?id=5939</A> +</I>><i> +</I>><i> I wonder how we're supposed to work together when expressing an opinion +</I>><i> about issues prioritization expose you to harsh comment from someone +</I>><i> unable to express his disagreement without agressivity. That's not much +</I>><i> point ressorting to "we're all in the same boat" kind of metaphor during +</I>><i> IRC meeting to thereafter suggest to leave the board to people +</I>><i> expressing concerns about the boat heading... +</I>><i> +</I>><i> So, before any further contribution from my side, I'd like the people in +</I>><i> charge of security updates to find some internal agreement about what +</I>><i> kind of help they expect from other people exactly. If that's just to +</I>><i> push a non-discussable list of changes into spec files, they could as +</I>><i> well ask for SVN commit and package submission rights, to do it +</I>><i> directly. This would avoid a large amount of anger and frustration for +</I>><i> everyone. +</I> +this is a good point: "BTW, a missing dependency should not be +considered a blocking issue as it can be easily fixed by the end user. +Especially for a security update, as he probably already done it." + +also, not sure, but it seems the tester was unawere of perl-CGI-Fast being not +really required (i think). + +still, IRC meeting yesterday seemed to conclude that security or major bug +updates cannot be majorly delayed by bugs, it is however ok, to ask packager +to do a quick fix for something at the same time. + +still, for this issue, it seems also that there was a month delay due to not +setting assigned back. or even setting NEEDINFO. + +also, i notice that noone seemed to have pointed out the tester that in fact +that dependency isn't required. + +i also see that some sentences look harsh to one of both sides here. (or at +least to me). + +i think we need to understand that: + +A. QA team has responsibility on validation of update + - thus they decide validated or not + - if they find a non-regression bug, they can ask packagers to fix at the same +time, but for major and security bugs, this should not be waited for, in such +a case, a separate bug can be made and this one validated. + - however, i can also understand that due to the amount of updates needed +validation, that such a wait, could be instead of 1 day, easily amount to a +few weeks, without this being intentional. + - so, i would ask that QA, try to get the packager on IRC (or email) and if +the packager isn't immediately available, to still continue to validate and +possibly make a new bug report on it. so that "bugs" or "features" can still +be discussed if need be. + - give that packagers are responsible for their package (and likely know it +better than QA team), i would state that they are also responsible for +deciding need or no (immediate) need for extra change before validation. + +B. QA team tests and finds bugs, and the reality of their pov is that if they'd +put bugs they find in a separate BR, it often doesn't get fixed, and thus each +validation test for all newer security patches, they hit the same bug for +testing; which causes them frustration. + +C. However, some packages need quite some configuration to get it to run to +test, so packagers are allowed to add a small list of how to reproduce, or +even configure it to run. as this will likely make for faster testing, and also +less possibilities of misunderstanding a possible missing requirement. + +Personally, I think regarding this quite some things could've been done +better, but we can't have it all. + +i don't think there's a golden rule for this, and given our limited resources, +i guess we (both teams) will have to bear with this. + + +PS: i'm just putting my nose in matter that don't concern me here, but i'm +just trying to understand both sides, i'm not trying to offend anyone, or to +belittle any of the issues involved. +</PRE> + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="017177.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI>Next message: <A HREF="017186.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17179">[ date ]</a> + <a href="thread.html#17179">[ thread ]</a> + <a href="subject.html#17179">[ subject ]</a> + <a href="author.html#17179">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |