[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: fedora-startqa

Thanks for the feedback Toshio !

Toshio wrote:

> - A NEEDSWORK review is just as valuable as a PUBLISH +1 review.  I'd
> like to see the script generate that as well.

Good idea, right now, the idea is to stop if a QA showstopper is found (no
signature, build fails in mach), and let the QA'er write the NEEDSWORK
review. This can be automated a little I think. Added on the TODO list.

> - (Showing my ignorance of mach) How safe is it to build untrusted
> sources within mach?  since mach builds the package before the user gets
> a chance to go look at whether the Source URL is canonical, I was
> wondering....

Well, you can read the spec file before building in mach, so you can look at
the URLs for the sources, start you browser and have a look. Is that what
you mean ?

> - Review has "Installs, runs, and uninstalls fine on FC1" but I haven't
> done any of that yet -- should it be in TODO?

It is always in the TODO anyway. Erik also thinks that it should not be
there, so I'll remove it, but I've put it there to remember the user to
tell which distro he has tested the package on, and to check
uninstallation. I think that nothing prevents a user from doing a false
review anyway, and I wanted to make a template where nothing but the
"notes" had to be added. Anyway, if the majority thinks it's wrong, let's
remove it.

> - The first time I ran it, the script errored out because there was an
> old version of an md5sum file on the server that didn't have the package
> version I had up there.

Can you give me a bug id ?

> However, GPG signed SRPMs are equivalent to 
> checking a GPG signed md5sum file that has an  md5sum for the SRPM.  So
> my view is if the GPG signature on the SRPM is good and the MD5SUM file
> doesn't contradict it (ie: different signing keys, different MD5Sums for
> the same file) it shouldn't error out.

Yes, there is this -c option to disable srpm md5sum checking.

> - I'd like to be able to point at an SRPM instead of into bugzilla in
> case I have an SRPM already on my machine that I'd like to check.

This is already on my TODO list :-)

Thanks for your review

http://gauret.free.fr   ~~~~   Jabber : gauret amessage info
Hacker vaillant, rien d'impossible.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]