1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%0A%20forgot%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C4FF61341.1050202%40gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="017181.html">
<LINK REL="Next" HREF="017187.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)</H1>
<B>Claire Robinson</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%20%28also%0A%20forgot%09avidemux%20and%20gstreamer0.10-ffmpeg%29&In-Reply-To=%3C4FF61341.1050202%40gmail.com%3E"
TITLE="[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)">eeeemail at gmail.com
</A><BR>
<I>Fri Jul 6 00:20:49 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="017181.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
</A></li>
<LI>Next message: <A HREF="017187.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#17182">[ date ]</a>
<a href="thread.html#17182">[ thread ]</a>
<a href="subject.html#17182">[ subject ]</a>
<a href="author.html#17182">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 05/07/12 22:51, nicolas vigier wrote:
><i> On Thu, 05 Jul 2012, Guillaume Rousse wrote:
</I>><i>
</I>>><i> Le 04/07/2012 01:21, David Walser a écrit :
</I>>>><i> Sorry, think I've got them all now.
</I>>>><i>
</I>>>><i> For avidemux and gstreamer0.10-ffmpeg in Mageia 1, it may be sufficient to borrow the patches from the mplayer update.
</I>>>><i>
</I>>>><i> For avidemux in Mageia 2, patches will need to be pulled from ffmpeg GIT.
</I>>>><i>
</I>>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6427">https://bugs.mageia.org/show_bug.cgi?id=6427</A>
</I>>><i> I spent some time today to help the QA team to manage those pending
</I>>><i> security updates. And for the second time in a week, I've been facing
</I>>><i> rather unpleasant attitude from someone else from the same team:
</I>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=5939">https://bugs.mageia.org/show_bug.cgi?id=5939</A>
</I>>><i>
</I>>><i> I wonder how we're supposed to work together when expressing an opinion
</I>>><i> about issues prioritization expose you to harsh comment from someone unable
</I>>><i> to express his disagreement without agressivity. That's not much point
</I>>><i> ressorting to "we're all in the same boat" kind of metaphor during IRC
</I>>><i> meeting to thereafter suggest to leave the board to people expressing
</I>>><i> concerns about the boat heading...
</I>>><i>
</I>>><i> So, before any further contribution from my side, I'd like the people in
</I>>><i> charge of security updates to find some internal agreement about what kind
</I>>><i> of help they expect from other people exactly. If that's just to push a
</I>>><i> non-discussable list of changes into spec files, they could as well ask for
</I>>><i> SVN commit and package submission rights, to do it directly. This would
</I>>><i> avoid a large amount of anger and frustration for everyone.
</I>><i>
</I>><i> About prioritization, I think we should remember that :
</I>><i> - we want security updates quickly, to reduce the time users will have
</I>><i> vulnerable systems
</I>><i> - we don't want regressions in updates, that's why we need QA team to test
</I>><i> the updates, and why we avoid major changes in updates
</I>><i> - all people working on Mageia are volunteers, have limited time and
</I>><i> probably other external constraints. We can ask them to make an effort
</I>><i> when there is an urgency, but this should not be abused.
</I>><i>
</I>><i> So I think it would make sense to have a policy that say that when a
</I>><i> bug that is not a regression is found while testing an update, it can
</I>><i> be mentioned for information, but it should not block the validation of
</I>><i> the update. Packager can fix it while fixing the other issue, if he has
</I>><i> time, but he doesn't fix it if he is too busy or think it introduce too
</I>><i> much changes for an update. In that case the issue can be fixed later
</I>><i> when the packager has some free time, with no hurry.
</I>><i>
</I>
The trouble with this is, when the packager finds some free time it then
creates yet another update request for QA to validate and compounds the
problem. We simply have to apply common sense. If something is easily
fixed, fix it. If it isn't then ask for a separate bug report. There is
no black and white policy for this, either extreme is wrong.
I would hope that any packager sending an update for validation would be
willing to follow that up and not just abandon it and move on, becoming
annoyed when problems are found.
You wouldn't expect QA to do that on our bug reports, you would rightly
expect us to follow them up and provide any extra information and
testing as required. Even knowing how busy we are.
I am sure bug reports from our general userbase are not so keenly
monitored or completely reported as the ones we create.
This was all discussed yesterday. There is no real problem to resolve,
other than finding more people to volunteer their time. This hostility
towards QA is rather detrimental to that particular cause though.
The methods we use are tried and tested, and have remained unchanged
since the first updates began to arrive for Mageia 1. There is no reason
to change them now and certainly no reason to begin taking shortcuts.
QA is not there to 'rubber stamp' updates, we are there to perform QA.
To view things from a users perspective and try to find the bugs before
they reach them. We have to apply common sense in our work and only ask
that packagers do the same thing.
None of us want to see buggy updates being released or unnecessary
delays I'm sure.
Claire
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="017181.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
</A></li>
<LI>Next message: <A HREF="017187.html">[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#17182">[ date ]</a>
<a href="thread.html#17182">[ thread ]</a>
<a href="subject.html#17182">[ subject ]</a>
<a href="author.html#17182">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
