Quoting Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx>:
Eric Rostetter wrote:
Quoting Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx>:
I have volunteered some time for test if
I will assume you mean the second part of QA, the "verify" step.
Well, perhaps I used the word "test" in a technical sense.
In my background, test means "verification of proper operation".
That is only part of testing. For example, you don't want to release code
which operates properly, but isn't secure (contains a trojan, etc).
Now, here is the real kicker:
You can do the first step of QA (publish votes rather than verify votes)
on ANY system and without compromising the system at all. It only involves
comparing the files to other known files, etc. You don't have to install
anything on the system. So, you can help, within your constraints, if
you choose, by doing the first QA step rather than the second.
Ok, if you can give me more information, I'll be glad to donate some
time.
See http://www.fedoraproject.org/wiki/Legacy/QAPublish and follow the
info there. Do the manditory steps, but skip any optional steps which
you can't do because of disk space, installation, etc.
My own "checklist" reads:
* Download the old (original) package.
* Download the new package.
* Download the original upstream source of the patches, if needed.
* Compare the changelogs:
rpm -qp --changelog old.rpm > old.changes
rpm -qp --changelog new.rpm > new.changes
diff -u old.changes new.changes | grep "^+"
* Compare the file lists:
rpmdiff old.rpm new.rpm
* Compare the files:
mkdir old; (cd old; rpm2cpio ../old.rpm | cpio -i --make-directories)
mkdir new; ( cd new; rpm2cpio ../new.rpm | cpio -i --make-directories)
diff -uNr old new | more
* Compare the patches in the new package to the upstream patch sources.
* If exploit is available:
* test exploit to see if it works.
* build and install new package.
* test exploit to see if it fails.
You don't have to follow the same proceedure though...
Mike
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list