Re: yum: Critical path update in testing for 4 months?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 6 Dec 2015 12:40:45 -0700, Kevin Fenzi wrote:

> Perhaps. But you are speculating that this is the case here. 
> Unless you have talked to the maintainer and thats what they told you?

I'm not speculating as I didn't claim I know the reason why this
particular Yum update is stuck.

I answered to the general question "what is the reason for maintainers
building updates without the intention to push them?". Knowing that some
maintainers believe the release bureaucracy sucks can be helpful in
understanding [some of] the background.

I still talk to other packages from time to time, and I have learned to be
careful when doing that, because some find it easier to complain about
various things in a private conversation (and leave the project silently)
instead of voicing their opinion in one of Fedora's public places.

> I think it far more likely that this is due to:
> https://github.com/fedora-infra/bodhi/issues/372
> which was/is a bug around the migration from bodhi1 to bodhi2 where
> some updates lost their setting of auto karma. 
> 
> If not that, then perhaps the maintainer wanted to be careful with this
> update for some reason and so wanted to push it manually. 
> 
> The only way to know for sure would be to ask.

Four months is a long time even for an update that is at karma 10 already.
Even if it's Yum, which has been broken before by updates that have been
rushed out too soon. If it fixes any bugs, waiting four months for the
fixes to get out is too long. [And a minor update to some fonts package
is pushed faster and more frequently. ;-)]

More strange, if it's an update that's at karma 0 after four months.
Bodhi forgetting about autokarma cannot be an issue in that case.

It's only a lack of testers and a lack of _another method_ to publish
such updates _automatically_ based on submitter's early request.

> > Fedora's release process is poor and misdesigned and full of problems.  
> 
> I'm sorry to hear you say so.
> 
> Do you have any ideas to improve things? Or would you prefer to
> continue to be a ray of sunshine when others ask for ideas?

What's needed is software developers and policy makers to agree that some
areas are problematic, and to agree on ideas and an agenda. To agree that
the karma system is flawed and things like testers ignoring past votes and
overriding another's -1 with their own +1 should not be possible.

If people in Fedora leadership positions don't consider broken upgrade
paths a problem, and the developers of update release tools don't consider
them problematic either, not much will happen about such issues, for example.
Users will continue to run into downgrades, unresolvable deps, or runtime
breakage. And then there are all those ideas where the only response will
be that patches will be accepted, with the ideas never making it onto a
todo list/agenda.

> > Currently I have two security fixes, which are two months old. Nobody
> > does the needed testing. The karma isn't reached. Nobody ensures that
> > they enter the stable updates repo even with 0 karma.   
> 
> Perhaps you could solicit testers? Either upstream people or on the
> test list or on irc?

Perhaps Fedora is just not popular enough?

How many layers of extra work do you ask for? Imagine that a fix is from
upstream or has been applied and released upstream already. What extra
testing and baby-sitting is needed at Fedora's side even for entirely new
packages?
Remember the period when packagers voted +1 on their own updates. There
still is no way to do that *officially*.  It is still assumed that
packagers test their own update (even if they don't do that in Rawhide,
uh-oh!), but they cannot ask for it to be pushed automatically after X days
other than based on that karma threshold that won't be reached for some
packages ever.

> > Meanwhile, F21
> > has reached end-of-life without anyone making sure to do a last push
> > of security fixes for it.   
> 
> We did do a last push. Just blindly pushing all security updates (if
> they were ready or not) isn't a particularly good idea IMHO. 

Has the security team done anything at all to even push any other security
updates for F21 not blindly? I mean, Fedora packagers receive all those
security related tracker ticket bugzilla spam where the security team
changes ticket fields again and again, but nobody cares that the released
fixes find their way onto the Fedora User's installations?
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux