Le lundi 28 mai 2012 à 12:57 -0400, Paul Wouters a écrit : > Hi, > > I've recently had release updates to two packages with CVE issues in > then. A few weeks ago, pidgin-otr needed a lot of me prodding people > to try it and give karma to get the security update out. Right now, my > socat CVE security releases sits in all four branches with no karma after > four days. > > Is there something we can do to make these security updates move faster? > > Perhaps a new mailinglist that just announces the security releases, to > remind people to test them and give karma. > > Perhaps a gui app for people running post latest full release fedora > installs that checks if some software you are using is in need of karma? I would take this road. in fact, one issue I have with update is that to see if there is something interesting to test, I go to : https://admin.fedoraproject.org/updates/F17/testing First page is usually useless for this task, packages are not signed and not on mirror either, and I prefer to take the easiest road of using yum. 2nd page is having the same problem usually, so i need to start looking at the 3rd page to see testable packages but sometimes not. Then I need to look at every package, see if there is one that I can test either because it sound interesting, or because I use it. If the package is new, I click on it see the update, and then click again on the package name, to get to a page where i click to see a list of update, and a list of link, and one to the description of the package either pkgdb, or community. And if I want to see the website of the package, i need to google. That's too much click just to see something to test. And I still didn't installed it yet, and due to various mirrors lag, it sometimes doesn't work and so I forget. The same goes for any notification list or for bugzilla. When I receive notification, the package is not yet installable, so I forget. So yes, there need to have a way to connect people that care of a software up to the point of testing it, and karma. Being able to say "warn me if there is a new package to test of $FOO", and having a notification ( popup, email, whatever ) would surely help. And a reminder to give karma ( again, a popup after 1 day, saying "have you tested this, does it work [yes] [ask me later] [do not ask me again] ", something like fedora-easy-karma would be enough ) Taking only in account package in updates-testing indexes, this would remove the mirror lag issue. -- Michael Scherer -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
