On Wed, 2005-04-27 at 00:49 -0400, Matthew Miller wrote: > Then we need to try and get infrastructure into place to make it not be a > lot more work. Can you help me figure out exactly where the more work might > be? Multiple bugzilla entries will be a bit more work, but because of the > clone bug feature, I don't think it's a lot more. And there's a little more > work on the mail announcement front, but that's mostly templates and cutting > and pasting anyway. > It's pretty much 4 times more work... Well, we'll have to cut&paste and send out 4 advisories instead of 1. And each advisory will have to be a little different to reflect the actual security issue each release has, instead of just lumping them all in the same one even if certain issues didn't affect a particular release. We'll need to decide what we will do with the advisories we post to Bugtraq and Full Disclosure lists. Do we post 4 advisories to them for each bug? Do we wait until packages for every platform come out before posting a consolidated advisory to them? Do we just drop posting to Bugtraq and Full Disclosure alltogether? All this is to solve the problem of not having enough volunteers to QA and VERIFY packages. Shouldn't we be looking for more people to help out instead of increasing the workload to try and get a few things released faster? > Now, if one update is really basically available but the others aren't, it's > some amount of work to look through a bug's history and figure that out. I > think that simplifying that will make it easier to bring more people into > working on QA. With the QA whiteboard tags, it's really easy to figure out. Take a look at Dom's links page: http://www-astro.physics.ox.ac.uk/~dom/legacy/issues.txt Marc.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list