
Re: pushing packages to stable

On 24.10.2008 16:38, Dennis Gilmore wrote:

Yesterday a request to move a package to stable early was made. I denied it because the reason given was "due to popular customer demand"; there is no way to measure that, and the next stable push will be just over a week away.
To date the only reason that packages have been pushed to stable early has been security issues.

Sorry, but that's not incorrect. I in the past now and then did push some packages by packagers' request if there was a good reason for it. Of course "due to popular customer demand" alone is not enough reason.

Security bugs are of course one (very) good reason, but not the only one to move a new package to the proper repos quickly -- sometimes other bugfixes are just as important to send out quickly, hence we should push them as soon as possible.

If you point epel_signers at a bug that mentions a CVE we will push the package to stable.

That is not how we handled it in the past. What EPEL Steering Committee agreed on a few months ago was added to the FAQ in the Wiki:

What do I need to do if I need to get a updated package quickly into the EPEL proper?

If you want to see a package moved from the testing or needsign repos to the proper EPEL repos (for example to fix important (security) bugs) please test the package once it got built; if it works well send a mail asking for this move to epel_signers-members AT fedoraproject DOT org

We should enhance this; the request for moving should include the reason for the move.

 But I wanted to open up the discussion here.

Such a rule like the one you outlined above IMHO would be stupid bureaucracy -- a hurdle that makes life for packagers hard, as they for each and every bug would have to open a bug. That's something most packagers don't want to do. They just want to commit the package and tell somebody "hey, this update fixes a security bug; I tested this, it works; please move to the proper repos as soon as possible." Which often worked fine; I even did it often if somebody on IRC just said to me "hey, can you move this please, as it fixes an important bug"; that was low overhead and worked just fine for everybody. Especially as that way we can fix bugs that don't (yet) have a CVS entry.

 EPEL is supposed to be stable and slower moving than Fedora.

Fully agreed. But it should not be moving slower than RHEL, as even Red Hat pushes enhancements as regular updates now and then. We should do the same in EPEL if there is a good reason.

 the package in question happened to be built yesterday.

Then of course it's unacceptable to move if there is no good reason (which we might not be aware of yet).

 and it was an update of an existing package.

Which is irrelevant -- the packager might be aware of a crucial data-corruption bug in the package that needs to be fixed quickly to avoid further problems for users (but for the package in question that afaics was not the case).

 so it really should live in testing for a little while.

+1 for the package in question

> [...]

