diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-July/017182.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-July/017182.html | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-July/017182.html b/zarb-ml/mageia-dev/2012-July/017182.html new file mode 100644 index 000000000..0bf70dbe7 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-July/017182.html @@ -0,0 +1,160 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%0A%20forgot%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C4FF61341.1050202%40gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="017181.html"> + <LINK REL="Next" HREF="017187.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)</H1> + <B>Claire Robinson</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%0A%20forgot%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C4FF61341.1050202%40gmail.com%3E" + TITLE="[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)">eeeemail at gmail.com + </A><BR> + <I>Fri Jul 6 00:20:49 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="017181.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI>Next message: <A HREF="017187.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17182">[ date ]</a> + <a href="thread.html#17182">[ thread ]</a> + <a href="subject.html#17182">[ subject ]</a> + <a href="author.html#17182">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On 05/07/12 22:51, nicolas vigier wrote: +><i> On Thu, 05 Jul 2012, Guillaume Rousse wrote: +</I>><i> +</I>>><i> Le 04/07/2012 01:21, David Walser a écrit : +</I>>>><i> Sorry, think I've got them all now. +</I>>>><i> +</I>>>><i> For avidemux and gstreamer0.10-ffmpeg in Mageia 1, it may be sufficient to borrow the patches from the mplayer update. +</I>>>><i> +</I>>>><i> For avidemux in Mageia 2, patches will need to be pulled from ffmpeg GIT. +</I>>>><i> +</I>>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6427">https://bugs.mageia.org/show_bug.cgi?id=6427</A> +</I>>><i> I spent some time today to help the QA team to manage those pending +</I>>><i> security updates. And for the second time in a week, I've been facing +</I>>><i> rather unpleasant attitude from someone else from the same team: +</I>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=5939">https://bugs.mageia.org/show_bug.cgi?id=5939</A> +</I>>><i> +</I>>><i> I wonder how we're supposed to work together when expressing an opinion +</I>>><i> about issues prioritization expose you to harsh comment from someone unable +</I>>><i> to express his disagreement without agressivity. That's not much point +</I>>><i> ressorting to "we're all in the same boat" kind of metaphor during IRC +</I>>><i> meeting to thereafter suggest to leave the board to people expressing +</I>>><i> concerns about the boat heading... +</I>>><i> +</I>>><i> So, before any further contribution from my side, I'd like the people in +</I>>><i> charge of security updates to find some internal agreement about what kind +</I>>><i> of help they expect from other people exactly. If that's just to push a +</I>>><i> non-discussable list of changes into spec files, they could as well ask for +</I>>><i> SVN commit and package submission rights, to do it directly. This would +</I>>><i> avoid a large amount of anger and frustration for everyone. +</I>><i> +</I>><i> About prioritization, I think we should remember that : +</I>><i> - we want security updates quickly, to reduce the time users will have +</I>><i> vulnerable systems +</I>><i> - we don't want regressions in updates, that's why we need QA team to test +</I>><i> the updates, and why we avoid major changes in updates +</I>><i> - all people working on Mageia are volunteers, have limited time and +</I>><i> probably other external constraints. We can ask them to make an effort +</I>><i> when there is an urgency, but this should not be abused. +</I>><i> +</I>><i> So I think it would make sense to have a policy that say that when a +</I>><i> bug that is not a regression is found while testing an update, it can +</I>><i> be mentioned for information, but it should not block the validation of +</I>><i> the update. Packager can fix it while fixing the other issue, if he has +</I>><i> time, but he doesn't fix it if he is too busy or think it introduce too +</I>><i> much changes for an update. In that case the issue can be fixed later +</I>><i> when the packager has some free time, with no hurry. +</I>><i> +</I> + +The trouble with this is, when the packager finds some free time it then +creates yet another update request for QA to validate and compounds the +problem. We simply have to apply common sense. If something is easily +fixed, fix it. If it isn't then ask for a separate bug report. There is +no black and white policy for this, either extreme is wrong. + +I would hope that any packager sending an update for validation would be +willing to follow that up and not just abandon it and move on, becoming +annoyed when problems are found. + +You wouldn't expect QA to do that on our bug reports, you would rightly +expect us to follow them up and provide any extra information and +testing as required. Even knowing how busy we are. + +I am sure bug reports from our general userbase are not so keenly +monitored or completely reported as the ones we create. + +This was all discussed yesterday. There is no real problem to resolve, +other than finding more people to volunteer their time. This hostility +towards QA is rather detrimental to that particular cause though. + +The methods we use are tried and tested, and have remained unchanged +since the first updates began to arrive for Mageia 1. There is no reason +to change them now and certainly no reason to begin taking shortcuts. + +QA is not there to 'rubber stamp' updates, we are there to perform QA. +To view things from a users perspective and try to find the bugs before +they reach them. We have to apply common sense in our work and only ask +that packagers do the same thing. + +None of us want to see buggy updates being released or unnecessary +delays I'm sure. + +Claire + + + + + +</PRE> + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="017181.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI>Next message: <A HREF="017187.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17182">[ date ]</a> + <a href="thread.html#17182">[ thread ]</a> + <a href="subject.html#17182">[ subject ]</a> + <a href="author.html#17182">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |