Jeff Spaleta wrote:
> On Tue, Dec 9, 2008 at 8:43 AM, Colin Walters <walters@xxxxxxxxxx> wrote:
>> I think the simplest would have requiring pushes direct to stable for
>> core packages (defining "core" as "anything installed by default on
>> the Desktop or Service livecd images") need some sort of signoff,
>> possibly from multiple people.
>
> Did you really have to use the word "core"? I think everything on the
> Desktop live image is probably way too broad. Does all Desktop Live
> functionality need to be protected? Or do we need to safeguard package
> updating functionality specifically?

Anything that is likely to be difficult/impossible to recover from
deserves special consideration, but really the process should just make
it difficult to skip the updates-testing step. If something is
important enough security-wise that it can't spend the usual amount of
time in testing then it is important enough to get at least a couple of
people to agree that it is both necessary and safe. If things that
have been in testing for some time break then you are sort-of justified
in blaming someone else...

But, as I've mentioned before, I think you'd get much better public
participation in testing if yum could do repeatable updates. That is,
I'm only interested in testing exactly the update that I will later do
on my own more critical machine(s) and I'm not interested enough to
maintain my own mirrored repository which is currently the only way to
get exactly the same set of programs installed on 2 different machines
at different times. I'd probably dedicate a test machine or at least a
vmware image and I suspect many others would too if they knew they could
reproduce what they were testing with a simple update command on the
more important machines.
--
Les Mikesell
lesmikesell@xxxxxxxxx