From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-July/017181.html | 118 +++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-July/017181.html (limited to 'zarb-ml/mageia-dev/2012-July/017181.html') diff --git a/zarb-ml/mageia-dev/2012-July/017181.html b/zarb-ml/mageia-dev/2012-July/017181.html new file mode 100644 index 000000000..7818011b6 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-July/017181.html @@ -0,0 +1,118 @@ + + + + [Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg) + + + + + + + + + +

[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)

+ nicolas vigier + boklm at mars-attacks.org +
+ Thu Jul 5 23:51:00 CEST 2012 +

+
+ +
On Thu, 05 Jul 2012, Guillaume Rousse wrote:
+
+> Le 04/07/2012 01:21, David Walser a écrit :
+>> Sorry, think I've got them all now.
+>>
+>> For avidemux and gstreamer0.10-ffmpeg in Mageia 1, it may be sufficient to borrow the patches from the mplayer update.
+>>
+>> For avidemux in Mageia 2, patches will need to be pulled from ffmpeg GIT.
+>>
+>> https://bugs.mageia.org/show_bug.cgi?id=6427
+> I spent some time today to help the QA team to manage those pending 
+> security updates. And for the second time in a week, I've been facing 
+> rather unpleasant attitude from someone else from the same team:
+> https://bugs.mageia.org/show_bug.cgi?id=5939
+>
+> I wonder how we're supposed to work together when expressing an opinion 
+> about issues prioritization expose you to harsh comment from someone unable 
+> to express his disagreement without agressivity. That's not much point 
+> ressorting to "we're all in the same boat" kind of metaphor during IRC 
+> meeting to thereafter suggest to leave the board to people expressing 
+> concerns about the boat heading...
+>
+> So, before any further contribution from my side, I'd like the people in 
+> charge of security updates to find some internal agreement about what kind 
+> of help they expect from other people exactly. If that's just to push a 
+> non-discussable list of changes into spec files, they could as well ask for 
+> SVN commit and package submission rights, to do it directly. This would 
+> avoid a large amount of anger and frustration for everyone.
+
+About prioritization, I think we should remember that :
+- we want security updates quickly, to reduce the time users will have
+  vulnerable systems
+- we don't want regressions in updates, that's why we need QA team to test
+  the updates, and why we avoid major changes in updates
+- all people working on Mageia are volunteers, have limited time and
+  probably other external constraints. We can ask them to make an effort
+  when there is an urgency, but this should not be abused.
+
+So I think it would make sense to have a policy that say that when a
+bug that is not a regression is found while testing an update, it can
+be mentioned for information, but it should not block the validation of
+the update. Packager can fix it while fixing the other issue, if he has
+time, but he doesn't fix it if he is too busy or think it introduce too
+much changes for an update. In that case the issue can be fixed later
+when the packager has some free time, with no hurry.
+
+
+ + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1