-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As we get closer to pushing out our first round of updates, we need to (re)visit our publishing policy. Warren had persuaded me to agree with him that an extra level of testing needs to happen prior to a public release. Currently the process in full is: 1) file a bug with packages fixing a certain flaw 2) QA the package for source aspects and general build issues 3) push the package into updates-testing once two people give "PUBLISH" votes. 4) once in updates-testing, one test of package in full production is enough to release the package into testing. The whole "updates-testing" thing is the new wrinkle that Warren talked to me about. What I'm struggling with is how to handle the -testing aspects. A) Is the updates-testing package signed, and if so, with what key? B) How is the package announced? C) How can we verify that the tester is really testing the package? D) Since we release the package across multiple releases, how long do we wait on a specific release to be tested before releasing the rest of the packages? Please comment. - -- Jesse Keating RHCE MCSE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedora.us/wiki/FedoraLegacy) Mondo DevTeam (www.mondorescue.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAC52h4v2HLvE71NURAovDAJ9sbVHvWaZTM4KAQziLYv6oPWmtBACfUl/L XPj/knIX/HOz+OJ3zAzL3OY= =u6Jw -----END PGP SIGNATURE-----
