Re: The Future of the Java Stack (also regarding ELN and RHEL)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 11 Sep 2020 at 09:54, Tomasz Torcz <tomek@xxxxxxxxxxxxxx> wrote:
>
> On Fri, Sep 11, 2020 at 10:16:02AM +0200, Mikolaj Izdebski wrote:
> > You get a side tag in Koji where you can have private build-only
> > dependencies that are discarded (filtered) once they are no longer
> > needed, after module build is done. For build-only packages most of
> > security vulnerabilities are not exploitable easily, or at all,
> > therefore are low-severity, which greatly limits maintenance work
> > required to address them. For example, if upstream tests are ran on an
> > obsolete, 12-years old version of Tomcat, I don't need to skip tests,
> > but I can package old Tomcat and run the tests.
>
>   Whoha! Let's step back for a minute and look at this example.
> What are the reasons to run tests?  To make sure the package will run
> correctly..
> Why run tests on 12-years old version instead of on current one?
> Probably because tests fail on current version?

No, not at all. It's not that the tests fail on newer versions (it
probably just needs a servlet container environment) but that this is
the version of tomcat that was current when the test fixtures were
written. Tomcats' changing embedding APIs in no way invalidate tests
performed in a standards-compliant servlet container environment.

>
>   Will the end user run the package on obsolete Tomcat or on the current one?
> Of course on the current one. The one on which tests fail.
> Tests in this case are worthless, they are not testing the real
> situation. Disabling tests is no worse than testing on obsolete version.
> Relying on such tests is a disservice for the end user.
>
>   The point of testing is to validate code in real situation.
> Crafting special, unrealistic environment (12 years old Tomcat) just to have
> test pass is missing the point of tests.
>
> --
> Tomasz Torcz               There exists no separation between gods and men:
> tomek@xxxxxxxxxxxxxx       one blends softly casual into the other.  — Frank Herbert
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx



-- 
Mat Booth
http://fedoraproject.org/get-fedora
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux