-testing timeout

[David Rees]

William Hooper wrote, On 1/31/2004 1:27 PM:
> Todd said:
> 
>>One thing I'd be wary of with pushing an update from testing just
>>based on a timeout is how we'd know if anyone had bothered using it.
>>I don't make use of ethereal on a regular basis, so just because I've
>>updated my systems against updates-testing doesn't mean I've even
>>picked up ethereal, let alone tested it at all.
> 
> How does this weigh against a package not getting released for months and
> a new worm appearing that exploits it?

If the vulnerability was that serious, there would be more people 
interested in testing the package.  In the case of ethereal, it seems 
that not many people are interested in the package, hence the low 
interest in testing it.

I would rather sit on a package until it generates the necessary PUBLISH 
votes than release an un-tested package.

Again as I have mentioned before, I feel the ultimate decision is up to 
the bug-owner, and if they are not sure, gather feedback from list 
members.  Just the process of gathering feedback will usually generate 
enough interest in a package to get someone to verify the package.

To get more potential testers, it would be extremely helpful to get an 
easy way for people to get test systems running.  Myself, I only have 
access to some RH73 machines, and I took a look at UML, but the amount 
of setup to get a UML instance up put me off for a while.

-Dave