Problems with bodhi and security updates
Ville Skyttä
ville.skytta at iki.fi
Sun Jan 27 20:30:48 UTC 2008
On Sunday 27 January 2008, Kevin Kofler wrote:
> One more thing: you're quick to blame the security team approval process
> when it delays your Fedora 8 update,
This is not about any particular update, and I don't know why you're pointing
fingers back at me about something different. I saw something that smelled
like a broken process and tried to provide as accurate an example as possible
to illustrate my observations, hence used the xine-lib case with what I
experienced it with, hoping to get feedback from those who have designed it
and are applying it saying whether it works as intended (and if, why). I
also asked for instructions in case there was something I should have done
differently.
> but this is already the third update
> you're pushing to Fedora 7 updates-testing,
Ok, I'll bite.
The first one went to testing because in addition to a security fix it was a
version bump from version 1.1.7 to 1.1.9.1. I now think this was a mistake
and I should not have touched F-7 at all.
The second one (trivial non-security 1.1.9+ regression fixes) also went to
testing because nobody had notified me whether the previous testing update
worked or not.
The 3rd one was an update to 1.1.10 which contained a security fix and some
other pretty harmless-looking changes - I decided to push that directly to
stable because of the nature of those changes and more importantly because
meanwhile a confirmation comment arrived that the latest 1.1.9.1 incarnation
worked for some people. Bodhi turned that into the 3rd testing request.
At the time of filing the 3rd request (more precisely a bit before that) I
also revoked the existing 1.1.9.1 testing->stable update request because I
had no idea I wouldn't be able to push the new one directly to stable and
thought it'd take the same time for the 1.1.9.1 testing->stable to be
processed as the 1.1.10 directly to stable one.
> and you appear not to have requested a push to stable for any.
Yes, I have. I filed that request immediately after the first comment arrived
in Bodhi that someone had tested the F-7 update and found it working (thanks,
Rex!).
> Many maintainers don't even test their NON-security updates on all Fedora
> versions before they push them. (Hey, you're lucky if they even tested it
> on ANY distro. ;-) ) You may think that's a bad idea,
VERY much so, and I will not participate in that madness, but that's a rant
for another day.
> but at least for
> security updates, I think getting it out quickly is more important.
For easily reviewable security fix updates only, agreed.