On Wed, Jun 30, 2010 at 8:37 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 06/30/2010 03:29 PM, Tom Lane wrote: >> Will Woods <wwoods@xxxxxxxxxx> writes: >>> On Wed, 2010-06-30 at 15:04 -0400, Tom Lane wrote: >>>> Yes I can. I have two critpath packages that are in testing with >>>> security bugs, both pretty small and easy to test, and both still have >>>> karma zero. That seems to me to be adequate proof that there's not the >>>> manpower out there to do this. >> >>> Have you actually asked anyone to test it? Or even considered >>> *mentioning the names of the packages* so maybe someone here could help? >> >> I mentioned libtiff in my first comment in this thread. The other one >> is libpng. But in any case, are maintainers supposed to have to scare >> up testers on their own? Especially for packages that are supposed to >> be so central as to be critpath? If there aren't testers coming out of >> the woodwork, this scheme is doomed to failure. >> >> regards, tom lane > > > A suggestion: when critical path updates hit updates-testing, a > notification should go to both devel@xxxxxxxxxxxxxxxxxxxxxxx and > qa@xxxxxxxxxxxxxxxxxxxxxxx to encourage testing. I think a daily digest to test@ and qa@ would be better, I'm sure the last thing people need is more than one extra email a day. If its a security issue maybe an individual email would be worthwhile but even then there's only one push a day. Peter Peter -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
