On Thu, 2004-12-16 at 09:01 +0200, Pekka Savola wrote:
> 2) The PUBLISH QA is only obligated to check that the modifications
> seem OK -- the sources have not been tampered with, the patches come
> from some reliable source or are otherwise OK, the spec file changes
> are minor, etc.

I agree with this...the binaries provided by the packagers don't reflect the binaries that mach will produce when the packages get pushed to updates-testing, so I don't see the point in looking at them...

> 3) the VERIFY QA is obligated to:
> - check the GPG signature and checksum of the packages
> - install it, run it, test if it works.
> - running rpm-build-compare.sh on the binaries to see if there have
> been any significant changes (e.g., to the libraries used)

rpm-build-compare.sh is usually run after building in mach and before posting to updates-testing. I don't think this should be mandatory for people to give a VERIFY as it will require more work than they will probably be willing to do. That said, if anyone actually does it, it's definitely a plus...

> Justification: currently PUBLISH QA is not being done especially for
> obscure packages that no one is really using, because it's difficult
> to rebuild and install and test them. We need to make this available
> to *anyone*, even to those who don't run the Red Hat version in
> question.
>

I agree.

> This makes updates-testing a bit more literally "testing", but IMHO
> that's not a problem.
>

Agreed.

Marc.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list