On 04/09/2014 12:14 PM, Matthew Miller wrote:
> On Wed, Apr 09, 2014 at 11:44:12AM +0000, "Jóhann B. Guðmundsson" wrote:
> >
> > On 04/09/2014 11:35 AM, Matthew Miller wrote:
> > > * quality assurance (again, ideally someone with security expertise to
> > >   advise and coordinate, but fast widespread testing at all levels helps)
> > You can forget including QA in this since maintainers don't provide
> > the testing community with test cases so testers can't quickly
> > through test cases for the affected package and provide the
> > necessary karma.
> I would say the _exact opposite_. We need to emphasize building those test
> cases so they are there when needed.
I agree with you but...
A few years back I initiated an effort trying to improve reporting and
testing and general efficiency and communication between reporters and
maintainers and actually put some value in the karma process ( have
reporters actually go through some testing process not just fire up the
app and give it karma based on just that ).
That effort involved how to debug and how to test pages in the wiki as
well as finding its way into the feature process where it still is
amongst other things.
At that time the total size of Fedora was 5k - 6k components ( now we
are 14k - 15k in size ).
And at that time I had requested that it would be a part of packaging
review process and a must for acceptance of packages in the
distribution, which would have allowed us in QA to work with existing
maintainers and slowly gradually play catchup with those existing
components.
That did not fly with FESCo/FPC due to it being too much of a burden on
potential maintainers and a must was changed to a should or rather it
was optional to provide this and now several years later double in size
I can tell without a shadow of a doubt that zero maintainers have
provided either proper debugging information for the components they
maintained or test cases.
We are precisely today at the same place with that process as I
abandoned it after realizing that nobody would provide that information.
So unless you come up with a way for maintainers *themselves* to provide
test cases and debugging information for the component *they* maintain,
all this will remain wishful thinking.
Now I want you to bear the above in mind that every time that you make
decisions in any governing body in Fedora that is responsible for making
system wide decisions and you serve on, the devastation the outcome of
your vote can lead to and make life more difficult for others in various
service sub-community and the project workflows and result in lower
quality of our distribution hence I ask of you to always thoroughly
familiarise yourself with the topic at hand and what the outcome of it
will be in the long run before casting your vote on it.
> But you are right that having more test cases in advance would help our ability
> to respond quickly.
Not only that but provide smoother and more reliable transaction of
packages to the hands of our end user bases.
JBG