-testing timeout
David Rees
drees at greenhydrant.com
Sun Feb 1 01:07:02 UTC 2004
William Hooper wrote, On 1/31/2004 1:27 PM:
> Todd said:
>
>>One thing I'd be wary of with pushing an update from testing just
>>based on a timeout is how we'd know if anyone had bothered using it.
>>I don't make use of ethereal on a regular basis, so just because I've
>>updated my systems against updates-testing doesn't mean I've even
>>picked up ethereal, let alone tested it at all.
>
> How does this weigh against a package not getting released for months and
> a new worm appearing that exploits it?
If the vulnerability was that serious, there would be more people
interested in testing the package. In the case of ethereal, it seems
that not many people are interested in the package, hence the low
interest in testing it.
I would rather sit on a package until it generates the necessary PUBLISH
votes than release an un-tested package.
Again as I have mentioned before, I feel the ultimate decision is up to
the bug-owner, and if they are not sure, gather feedback from list
members. Just the process of gathering feedback will usually generate
enough interest in a package to get someone to verify the package.
To get more potential testers, it would be extremely helpful to get an
easy way for people to get test systems running. Myself, I only have
access to some RH73 machines, and I took a look at UML, but the amount
of setup to get a UML instance up put me off for a while.
-Dave
More information about the fedora-legacy-list
mailing list