[Mageia-dev] Security Update Process

Mon May 16 20:15:05 CEST 2011

On 16 May 2011 18:08, Thierry Vignaud <thierry.vignaud at gmail.com> wrote:
+> On 16 May 2011 18:05, Ahmad Samir <ahmadsamir3891 at gmail.com> wrote:
+>>>> Mageia 1 is approaching quickly and we need to get our process in place
+>>>> for security updates. We talked a bit about it a few weeks ago, and I
+>>>> started a wiki page, but it needs more detail. Anne and I chatted on IRC
+>>>> and it looks like we'll want to cutoff the "on the iso " updates at the
+>>>> end of this week, so we need a process in place to release post-iso updates.
+>>>>
+>>>> ref: http://mageia.org/wiki/doku.php?id=security
+>>>>
+>>>> As I see it, initially we need, in no particular order:
+>>>>
+>>>> 1) a means to build updates for the release (iurt setup for mga1?)
+>>>
+>>> A iurt setup for mga1 will exist anyway, what is missing is a way to
+>>> later upload to non public place.
+>>> Initially, we can just setup youri to restrict submitting a build to
+>>> updates_testing or updates to the secteam and it should be enough.
+>>>
+>>
+>> Ideally packagers should be able to submit to update_testing when they
+>> want to push a fixed package to ask for testing. So restricting
+>> submitting to updates sounds more logical?
+>
+> What's more that matches what we were doing back @mdv.
+> The process was:
+> - trusted packagers upload into main/testing,
+> - all packager can upload into contrib/testing,
+
+(Off-topic: I am not sure this was the case in mdv in the past
+2-3years at least, all packagers could submit into main/testing....).
+
+> - ticket (for main/*) is opened & assigned to qa
+> - people || qa test
+> - if tests succeed, ticket is assigned to secteam
+> - secteam rebuild with its own sig & push the package
+>
+
+
+
+-- 
+Ahmad Samir
+