On Wed, Apr 11, 2007 at 01:27:36PM -0400, Christopher Aillon wrote:
> Axel Thimm wrote:
> >consider the amount of money spent on developer time when a one-liner
> >security fix applied to an old never-rebuilt package makes it boom at
> >run-time.
>
> The developer time is going to be spent at some point because it went
> boom at some point. Potentially it's less time if it went boom three
> times and the developer only has to fix it once if he waits. You're not
> saving money here, you're just shifting when it's spent.

Exactly, all I say (later in the mail) is that fixing the broken package is inevitable, you can choose between fixing it at development time, or during release maintenance time. And since the resources will have to be spent on this either way, why not during the development to deliver a better product?

Furthermore *now* during development you have lots of guinea pigs that would go ahead and install the broken bridge-utils (if it really is, still using it as an example), and happily report on anything broken, even expecting something to be broken in a test release.

Later the packager that will do the one-line fix will carry the whole responsibility of checking that bridge-utils really builds and works in a 2.6.2x environment all by himself or rush out a broken package update to production systems.

In the non-rebuild model you have greater responsibility which even means spending "more money" for longer QA for a one-liner fix. And the results are still poorer than the rebuild-everything-and-see-what-breaks-at-runtime model.

More gain for less or equal effort, so it already makes a business case. And you get a better product.
--
Axel.Thimm at ATrpms.net
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers