Re: updates-testing --> updates policy discussion

Massive headache...

Jesse Keating wrote:
On Thursday 08 January 2004 16:15, Warren Togami wrote:

http://www.fedora.us/wiki/PackageSubmissionQAPolicy
We need to discuss how to change this procedure for Legacy specific
packages.


Post message to either "fedora-legacy-announce" or "fedora-legacy-devel" about a suspected vulnerability or bugfix that you'd like to fix.

I agree with fedora-legacy-devel, but fedora-legacy-announce is for official announcements of the Legacy project, like security advisories only. Right? Well that's what I would expect anyhow...



Use "FedoraLegacy Package Naming Guidelines" instead of generic fedora.us guidelines

Of course.



Fix the numbering scheme... 1,2,3,4,1,2,3,4? Why start over? Move the signing from before the optional rpmlint to after the optional rpmlint.



The formatting of the document isn't important in this discussion. The actual process is.


2 initial keywords. "updates-testing" or "updates", and "security" or "bugfix" to indicate what type of update it is.

Change "fedora-package-announce" to "fedora-legacy-announce".


Exactly.



We also need to change the definition of "trusted" for Legacy
specific packages, along with the requirements for reaching the
"trusted" status.

Thoughts?


Trusted could be a term given to those developers who've put forth and followed through with a certain number of security fixes in packages. I'd say untrusted == 0-5, semi-trusted == 6-9, trusted == 10+. A package can inherit its trusted status from the developer who puts it forth. Now where we use the term or what it really means to the end users is yet another point of discussion.


I'm not sure how to respond here except to say I have a bad feeling about this. I am realizing that it was a bad time to ask this specific question.


Giving hard numbers for thresholds of "trust" IMHO is a mistake. You cannot earn "trust" by mechanically doing a set number of tasks. It could even be dangerous to make such a policy.

"Trust" is something that you earn through dedication and hard work. Trust is not something that can be given cold, quantized numbers.

http://www.fedora.us/LEGACY

These are the folks that gain trust. Those who spend hours doing boring work of porting patches, building and testing packages for a lazy userbase waiting for a free lunch - someone else to do the work for them.

Hard work and dedication is what built the "trusted" group in the original fedora.us project, and I would suggest doing the same here.

Follow the process, and review the patches. That is the only way we can get these packages published.

Warren



