[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: thunderbird upgrade - wtf?



On 10/14/2009 01:13 PM, Kevin Kofler wrote:
> Rahul Sundaram wrote:
>> If maintainers choose to include a beta release, then it would have been
>> better to collect more feedback for a longer period of time for updates.
> 
> I already answered this in more detail on your blog, but:
> 1. It's a security update, so a short testing period is normal.

That really depends on the severity of the update vs the potential to
cause problems.  Remember the d-bus security update that caused so many
problems not so long ago? That one was a security update as well.

https://admin.fedoraproject.org/updates/F11/FEDORA-2009-9911?_csrf_token=b77b748e49c5311eb85031331cb2f6474028d615

The update neither details what the security issues or nor does it tell
what other changes have been made. Not even a link to the upstream
release notes. So let's look at that

http://www.mozillamessaging.com/en-US/thunderbird/3.0b4/releasenotes/

Hmmm. Not much details on what the security issue being fixed is. The
only mention of security is about some SSL change

http://www.rumblingedge.com/2009/09/23/thunderbird-3-beta-4-released/

So I have no idea how severe the security problem was

> 2. It reached +3 karma and got automatically queued for stable.

Are you claiming that there is no way for maintainers to determine how
long the update stays in updates-testing repository? If not, I don't see
this point as relevant.

>>  My mails to this list is my "negative karma".
> 
> But it's too late, the update already got pushed.

It isn't too late to push another update that fixes the problem.

Rahul


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]