[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: infrastructure modest proposal



On Fri, Dec 12, 2008 at 1:03 PM, Anne Wilson <annew kde org> wrote:
> How often has this happened?  In the real scheme of things, what percentage of
> packages have caused problems like this?  I'm not denying the problems that
> some people have had, but is there, perhaps, some over-reaction?

How often has what happened? An accidental push to stable meant for
testing? I don't think we could get an accurate count on that.

We could get an accurate count on the number of times a request
directly into stable has been made.. as an upper bound on our
potential exposure to this problem...but we couldn't infer intent very
easily.  We could probably break it out and get security and
non-security pushes.  I myself pushed a non-security update directly
to stable this week, to fix a dep problem caused by someone else
pushing an updated library to stable without going through
updates-testing.  Was I wrong in doing that? I short-circuited my
normal QA practises to make sure users could get that library update
installed which preceeded my package update.  Once we allow any
package to go directly to stable, it can a cascade effect for any
packages which depend on it.

Also keep in mind that every legitimate security update which does not
go to updates-testing presents a similar breakage risk because it
short-circuiting a QA process for the sake of rushing the security fix
to users.

-jef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]