On Thu, 2004-09-09 at 21:01, Eric Rostetter wrote:
> We want to avoid releasing broken packages at all costs.

Doesn't everybody... but not really at ALL costs.

>
> But we shouldn't stop a functioning, tested patch that fixes a security
> problem be delayed just because a second problem is found in the same
> package.
>
> If the first problem is fixed and tested, it should be released even
> if another (existing) problem is identified with that package. Waiting
> until all known problems are fixed just delays releases for ever, discourages
> people from testing them (since their test is now invalidated), and causes
> complaints and bad PR for the FLP.

It's very very easy to go down the road of "but how about this tiny little thing that <somebody> just found, can we include it in this update as well pretty pretty please". There will always be another "tiny little thing" wanting fixing...

It's better to set an initial goal of "this package fixes CAN-xxxxx and NOTHING else", verify "it still boots and seems to function" and publish that than to wait for two weeks if something happens to happen during that time which just causes the already slow verification process to restart from the beginning.

Of course if nobody votes anything then the packager is free to fix additional things since no work is lost, but asking people to qa->test->vote->try-new-release->qa->vote all over again won't go anywhere, as I think we've seen here.

Oh and yes, talk is cheap. I would like to give more time to fedora-legacy but I can't under current circumstances so feel free to ignore me'n my ramblings...

- Panu -

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list