[Mageia-dev] Status report for Mageia 1 updates, and call for help from you packagers

Thu Aug 25 15:07:05 CEST 2011

On Thu, Aug 25, 2011 at 2:09 PM, Stew Benedict <stewbintn at gmail.com> wrote:
+> On 08/24/2011 08:50 PM, Samuel Verschelde wrote:
+>>
+>> Hi,
+>>
+>> I was told that QA Team's work's visibility needs to be improved, so as a
+>> team
+>> member I'll try to give you some sort of status report.
+>
+>> - 1 has been validated by QA one month ago, but was assigned to security
+>> team
+>> following updates policy for security fixes, and got not answer. We have
+>> to
+>> improve either the policy or the security team here (or both).
+>
+> Do you have a pointer to this bug? I'm not finding it in bugzilla. I'm not
+> sure what I can do with it once assigned back to secteam, aside from write
+> an advisory text. I don't have admin rights to release it, etc. (afaik). It
+> was basically my understanding that the secteam role is to initiate the bug,
+> provide patches, POC, and advisory text and the maintainer do the update and
+> pass it on to QA. I've stopped even intiating because they are just sitting
+> there in the new/unassigned state. some for 2 months or more now. While a
+> shiny new KDE is nice, not pushing updates for published vulnerabilities
+> makes us look bad, imho.
+
+i agree on this point, and this is really something we need to improve quickly
+