I like this proposed change.
-Ben
On Tuesday 14 February 2006 14:55, David Eisenstein wrote:
> Here below is my understanding of what has been proposed and (correct me
> if I am wrong) appear to be in the process of being implemented.
>
> Fedora Legacy QA Process Overview w/Proposed Changes
> ----------------------------------------------------
>
> 1. Vulnerability discerned.
> 2. Bugzilla ticket for package and vulnerability (with CVE #) opened.
> 3. Source package(s) for vulnerability proposed.
> 4. People do SOURCE LEVEL ("PUBLISH") QA on the packages and report
> in Bugzilla their findings.
> 5. Once all source packages have been voted for PUBLISH, new
> signed packages are built and both .src.rpm and (.i386|.x86_64).rpm
> packages are pushed to updates-testing. An announcement goes out
> to fedora-legacy-list announcing that packages are ready for testing
> and asking for participation in doing VERIFY QA.
> NOTE: If there are any objections in the PUBLISH QA or if any
> distro does not receive a PUBLISH vote, nothing further is done
> with that package until the issue(s) are resolved.
>
> Old Policy - VERIFY QA to RELEASE:
> 6. If no positive votes happen on binary packages in updates-testing,
> they stay in updates-testing and go no further.
> 7. If one positive vote happens on one distro for pkgs. in updates-
> testing, a 4-week timeout is set. If no further votes happen
> before timeout, then after 4 weeks, all packages are released to
> updates.
> 8. If two or more distro's (but less than all distros) have positive
> votes, the 4-week timeout is reduced to a two-week timeout at the
> time the 2nd distro has a "+" vote. At timeout, all packages are
> released to updates.
> 9. If all distros get "+" votes, binary packages are considered fully
> tested, and can be released to updates straight away.
>
> New (Proposed Policy) - VERIFY QA to RELEASE:
> 6. If no positive votes happen on binary packages in updates-testing,
> they will be released after a 2-week timeout after having placed
> in updates-testing.
> 7. If one positive vote happens on one distro for the pkgs. in updates-
> testing, the 2-week timeout is reduced to 1-week from the point
> of the first positive vote.
> 8. If two or more distro's (but less than all distros) have positive
> votes, the same timeout in step (7) of the new policy applies.
> 9. As in the old policy, if all distros get "+" votes, binary pack-
> ages are considered fully tested and can be released to updates
> right away.
>
> Both policies:
> 10. Packages released to updates from updates-testing are announced
> on fedora-legacy-list and fedora-legacy-announce-list.
>
>
> -David
>
> --
>
> fedora-legacy-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
"I kept looking around for somebody to solve the problem.
Then I realized I am somebody"
-Anonymous
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
