-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff Spaleta wrote: | On Mon, 22 Nov 2004 23:14:54 +0100, Bernd Bartmann wrote: | |>After FC3 final has been released several updates have been pushed out |>to the mirrors and yet again we haven't seen any announcement for some |>of them. Some announcements for FC2 and even FC1 are still missing too: | | | as this list points out, this is a continuing process problem. The | only garunteed engineered solution to prevent this from happening is | to make filing an annoucement text a blocking requirement for | submitting an package as an update. But that will require a level of | automation and red-tape that I don't think anyone inside the fenceline | really wants to or has time to implement. | | It's my understanding that the primary reason these annoucements | aren't making it out the door is that individual maintainers are | simply forgetting to create an annoucement text and submit it to the | annouce list. | | As a compromise, i would like to suggest that a autobug filer script | be created that would file a bugreport against a component if an | update goes unannouced for 3+ days in an effort to make the | individual package maintainer aware of the problem in a timely | fashion. While the summary reports to the public lists are somewhat | useful.... finding a way to poke the individual package maintainers | more directly seems to be needed. All the information needed should | be available from the master mirror.. maybe just parsing the | repository metadata | would be enough. | | And I realize the existance of security issues greatly complicates | when and how information is released. I'm trying to come up with | discreet solution that makes sure annoucements don't fall through the | cracks and are completely forgotten. | | thoughts? is a script designed to automate filing missing update | announcement bugs a realistic and useful way forward?
As such script doesn't seem to exist yet what do think of just opening something like the tracker bug for FC3 where we add all the missing update announcements. This means adding a separate bug to each package without update announcement and using this as an blocker for the tracker bug. If this looks ok to you I can volunteer and add these bugs.
Also I think there should be a central instance (person) that sends out all update announcement. Another thing that I already suggested over a year ago is that all announcements should be GPG signed using a global Fedora or Red Hat key.
Best regards.
- -- Dipl.-Ing. (FH) Bernd Bartmann <Bernd.Bartmann@xxxxxxxxxx> I.S. Security and Network Engineer SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin Fon: +49 30 214783-44 / Fax: +49 30 214783-46 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBqwtTkQuIaHu84cIRAlU3AJwPt6dvhIEpHcHSES9Ap4jWAiO9QwCfQybl L6dbBF4p4m4wVDWt09wLarM= =iEVA -----END PGP SIGNATURE-----
