-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 31 January 2004 13:09, Todd wrote: > Jesse Keating wrote: > > So we've got ethereal in -testing, and it's been there since the > > 22'nd, but nobody has touched it (except for Jonny on 7.3 according > > to an un-signed bugzilla message). > > > > I think that we should have a -testing timeout and if nobody reports > > on it after a week, it gets pushed out as an update, due to all the > > verification that happened to get it into the published state. > > Given this policy, ethereal would be a candidate for release today > > (well day before yesterday but who's counting). If nobody objects > > to this policy, I'll push ethereal out today. > > I was just going to run some tests on 7.2, 7.3, and 8.0 today and/or > tomorrow. That's the only other package in -testing, AFAIK, right? Correct. > One thing I'd be wary of with pushing an update from testing just > based on a timeout is how we'd know if anyone had bothered using it. > I don't make use of ethereal on a regular basis, so just because I've > updated my systems against updates-testing doesn't mean I've even > picked up ethereal, let alone tested it at all. This is true, but the package went under a lot of scrutiny before it ever made it to updates-testing. There is a round of source review in the bug before I ever push it to -testing. -testing is just for verification. > I'd feel more comfortable knowing that the legacy project actually > tested things before pushing them out. Not doing so could come back > and bite us in the ass when some package breaks something that should > have been caught in testing. I know what you're saying about the > prior testing that goes into getting it to testing. Maybe that is > enough. If we end up pushing out updates without any verification in > production, we'll have to hope that it is. I'd prefer to see every package get through testing as well, but I also don't want to sit on a security update for over a week when we could push it. > Just to keep fresh on what else remains to be done, there's slocate > which still hasn't made it there yet, it needs more PUBLISH votes I > believe. Yes, slocate 2.7 needs more PUBLISH votes. We are upgrading rather than updating, so a very close inspection is needed. > What other security fixes are there? Gaim is still up in the air as > far as whether the 0.59 version is affect, correct? We've made the decision to upgrade gaim due to protocol issues. Please test the new version in the bug. > The other things I see in bugzilla are either bugfixes (mc, rpm2html) mc needs testing as well. I had planned on working on mc this weekend (maybe tonight) rpm2html I haven't looked at yet. Part of that rpm upgrade thing. > or things for legacy-utils (apt, synaptic, fedora-rpmdevtools). apt/yum needs to be spun for 8.0, synaptic I guess needs looking at, I've never ever touched it though, so I'm not exactly comfortable doing the work. fedora-rpmdevtools needs looking at, probably has to be modified to work well w/ Legacy. Is anybody even interested in it? - -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) Mondo DevTeam (www.mondorescue.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAHB1l4v2HLvE71NURAmeOAJ0eBC4avx7P5ZdzL852EMkl5yQ1QgCeIUX/ yL4YR0TMjUcJG6Sa9iz88Xo= =82mV -----END PGP SIGNATURE-----
