Re: 1-2-3 out, time for FC2?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Quoting Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx>:


Eric Rostetter wrote:

Quoting Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx>:


I have volunteered some time for test if


I will assume you mean the second part of QA, the "verify" step.


Well, perhaps I used the word "test" in a technical sense.
In my background, test means "verification of proper operation".


That is only part of testing.  For example, you don't want to release code
which operates properly, but isn't secure (contains a trojan, etc).


Now, here is the real kicker:

You can do the first step of QA (publish votes rather than verify votes)
on ANY system and without compromising the system at all.  It only involves
comparing the files to other known files, etc.  You don't have to install
anything on the system.  So, you can help, within your constraints, if
you choose, by doing the first QA step rather than the second.


Ok, if you can give me more information, I'll be glad to donate some
time.


See http://www.fedoraproject.org/wiki/Legacy/QAPublish and follow the
info there.  Do the manditory steps, but skip any optional steps which
you can't do because of disk space, installation, etc.

My own "checklist" reads:

* Download the old (original) package.
* Download the new package.
* Download the original upstream source of the patches, if needed.

* Compare the changelogs:
        rpm -qp --changelog old.rpm > old.changes
        rpm -qp --changelog new.rpm > new.changes
        diff -u old.changes new.changes | grep "^+"
* Compare the file lists:
        rpmdiff old.rpm new.rpm
* Compare the files:
        mkdir old; (cd old; rpm2cpio ../old.rpm | cpio -i --make-directories)
        mkdir new; ( cd new; rpm2cpio ../new.rpm | cpio -i --make-directories)
        diff -uNr old new | more
* Compare the patches in the new package to the upstream patch sources.

* If exploit is available:
        * test exploit to see if it works.
        * build and install new package.
        * test exploit to see if it fails.

You don't have to follow the same proceedure though...


Mike


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux