Pekka Savola wrote:
Jim Popovitch wrote:
I have to agree with Jesse, there is no way automated testing will
work. There are just too many differing issues from patch to patch.
Jim, you're probably missing the fact that VERIFY QA doesn't include the
steps "test if the patch worked; test if the vulnerability is fixed".
While some folks do perform more rigorous testing, it's not required,
and for a good reason.
Pekka, ;-) You are probably missing the fact that I rigorously test the
patches that affect the platform and rpms that I use (which may be less
than what others use).
Which one is better, not shipping any updates at all (or after months
and months of delays), or shipping "looks good" updates quickly and
fixing them (if issues come up) even faster?
I wholeheartedly agree with your "release in 2 weeks, even if not
tested" stance, as this *does* get the fix into the hands of people in a
timely fashion. I also think that the critical fixes
(ssh/kernel/httpd/etc) get plenty of attention and testing before
release. X11, Mozilla, Fonts, etc., can all fail after upgrade and
everyone still be safe, IMHO.
Aiming for perfection doesn't cut it.
Exactly! Microsoft taught us that. ;-)
Contrary to common beliefs, FL
doesn't have the resources for thorough testing that some vendors have
the luxury of. That's why we employ those vendors' fixes directly :-)
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
