[Mageia-dev] Finalizing update process

Wed Jun 8 18:57:40 CEST 2011

On Wed, 8 Jun 2011, Michael Scherer wrote:
+
+> Le mercredi 08 juin 2011 à 10:40 +0200, Anne nicolas a écrit :
+>> Hi there
+>>
+>> We have some stuff to complete here:
+>> http://mageia.org/wiki/doku.php?id=security
+>>
+>> <http://mageia.org/wiki/doku.php?id=security>Can we spend the 2 or 3 coming
+>> days to finalize it and start updates submits?
+>
+> Pascal is working on this.
+>
+> So here is a proposal :
+> - anybody can submit a package to updates_testing.
+> - once submitted to testing, it should ask to QA to test, along with :
+>  - a reason for the update ( likely bug number )
+>  - potentially a priority ( ie, if this is just a translation update or
+> a urgent 0 day exploit )
+>  - a way to test the bug and see it is fixed
+>  - text for the update
+
+> - qa validate the update ( with process to define )
+
+> - someone move the package from updates_testing to testing
+
+Someone from security (stable updates) team I guess?
+
+> - the bug is closed
+> - a announce is sent ( on various medias to be defined ), with the text
+> of update
+
+So who decides to reject an update and at what point? According to your 
+proposal, either QA people decide this or they waste time on updates that 
+later get rejected.
+
+> So the points are :
+> - no update can be uploaded without QA validation
+
+What does 'QA validation' mean exactly, can only certain people do it...?
+
+> - QA manage the checks, and so will requires help ( hence the security
+> team or any packager can help, provided they know how to do QA )
+
+So a packager wants to fix a bug in package that is not very visible, 
+sends it to QA, then has to test it anyway? I'm not sure what you're 
+saying here.
+
+
+     Christiaan
+