On 10/31/2010 03:18 AM, Michael Schwendt wrote: > On Sun, 31 Oct 2010 04:37:38 +0100, Kevin wrote: > >> Martin Stransky wrote: >>> there's a new Firefox update waiting in Bodhi and we can't push it to >>> stable because of new rules. We recommend you to update to it ASAP as it >>> fixes a public critical 0day vulnerability >>> (https://bugzilla.mozilla.org/show_bug.cgi?id=607222). >> >> Looks like the F13 build got karma quickly enough to land directly in stable >> after all, the F12 build, on the other hand, was stuck in testing for 2 days >> before finally making it out to stable. Yet another blatant example of >> failure of the Update Acceptance Criteria, needlessly exposing our users to >> critical vulnerabilities. >> >> (And no, by giving yet another special exception to Firefox wouldn't be a >> solution. ;-) This problem can hit any other app as well.) >> >> Kevin Kofler > > Okay, feedback time. > > Lately, there have been several attempts at urging proventesters (and not > just testers in general) to give positive karma for aging critpath updates. > It also has been decided by someone (or maybe even a comittee) to spam > proventesters daily with "[old_testing_critpath]" messages for all three > dist releases, with no day to unsubscribe from that (other than leaving > proventesters group, which is what at least one person has threatened with, > or filtering those messages). > > Dunno about other testers (and there aren't many yet), but I have abandoned > F-12 long ago due to lack of time when F-13 became the one to use on a daily > basis. And some time before F-14 Beta, my desktop has been switched to boot > F-14 by default. That's the only opportunity to evaluate F-14 early and > possibly find issues prior to its release. On the contrary, most of Fedora's > users will wait for the final release, and many users will wait even longer. > It's highly likely that bugzilla can confirm that. > > F-14 is the the only way forward, and don't like to spend time on F-13 and > older anymore. That also applies to packagers I maintain or monitor. I simply > don't see the user base [target group] anymore. > > About positive karma in bodhi, I don't feel comfortable signing off > arbitrary updates just because they didn't crash for me after five > minutes. With some updates, regression has slipped through already. > And the more bugs an update addresses with either patches or a version > upgrade, the more careful I would like to be when testing something. > Also, in my book, an update working on F-14 may still malfunction on an > older dist release due to differences in dependences and the core setup. I > still don't understand why some non-security updates are rushed out with > sometimes not even the package maintainer(s) having tested them at all. I am willing to work with the older, still supported, distros, but would really appreciate test cases since most of the critical-path bugs the update addresses are not common and I haven't run into them. That said, if the update remains without karma, the release is within a month of end-of-life, then the update could be left in updates testing and docs changed to provide a warning. I don't think there would be that much impact on storage to keep an updates-testing repo around on the mirrors that choose to provide the release. Most just delete the release anyway. Regards, OldFart -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
