Re: critical path security update policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You're right, Michael, everything is perfect. No reason to discuss how the situation might be improved, other than blaming me and other users.

I do contribute to Fedora, and to other projects, including some of my own. I contribute through bug reports and testing and code contributions and ideas and other ways, too.

You don't know anything about me. You think my name is "Jerry"? It's not. I value my privacy, so I generate a new alias for almost every instance in which I file a bug report or contact a mailing list, etc. I could be Linus, for all that you know. (I'm not.) I'm willing to go through all that extra effort just to contribute while preserving my privacy.

You are so unbelievably ignorant, I will waste no more time on you. I will be deleting this e-mail account now, as it has served its purpose. Others will either intelligently consider how the processes might be improved, or they'll be like you. It's out of my hands now.

I appreciate whatever contribution you're making, regardless. Farewell!
 
 

Sent: Monday, April 20, 2015 at 11:30 PM
From: "Michael Schwendt" <mschwendt@xxxxxxxxx>
To: "Jerry Bratton" <JerryLBratton@xxxxxxxx>, packaging@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re:  critical path security update policy
On Mon, 20 Apr 2015 22:51:49 +0200, Jerry Bratton wrote:

> >Check out the bodhi ticket! In particular the automated comment from
> >2015-04-18. With the next push it will appear in the updates repo. That
> >is not a matter of minutes, because AFAIK the release process is not fully
> >automatic [yet] and triggered by an admin.
> >
> >Btw, 18 minus 7 is not 17. And IMO you're getting unfair, if you don't
> >take into account the time it takes for package maintainers to prepare
> >updates.
>
> Today is April 20th. Mozilla released the fix April 3rd. Twenty minus three is seventeen.
>

Look at http://koji.fedoraproject.org/koji/packageinfo?packageID=37

Do you want to extend your complaints, because it has taken a few days for
packages to be ready to begin with? April 4th and 5th was a weekend. Build system
lists builds made on April 7th. Update system lists updates entered on April 7th.
That corrects the numbers a bit.

> This is intended to be a discussion about how to reduce the time it takes for security updates to reach users.
>

Currently, as a minimum, positive feedback from _two_ testers can lead
to a security update being released very quickly. Provided that there
is the man-power to prepare builds quickly and enter them in the
updates system quickly. Possibly even during weekends. ;-)

> The figure of 17 reflects the time so far it has taken for this fix on
> Fedora's end.

Look at https://admin.fedoraproject.org/updates/search/firefox[https://admin.fedoraproject.org/updates/search/firefox]

Notice the "Karma" column. Notice the corresponding security update for
Fedora 21. Click on it. Watch the votes and comments.

> I am not trying to be "unfair," I am simply pointing out
> the reality.

Reality could be that Fedora 20 doesn't get as much love anymore as
Fedora 21, does it? Else there would have been one more tester to care
about this security update. Users/testers may have moved on to Fedora 21
or Fedora 22 Alpha/Beta.

> There are any number of bottlenecks that have already
> been mentioned in this thread which are contributing to the 17 day
> wait at Fedora. The 2 day wait (so far) since this was marked stable
> is yet another example. It is my feeling that there is room for
> improvement, which is why I initiated this dialog to explore in what
> ways the process may be improved.

Sure there is room for improvement. That applies to many other areas
as well. I've pointed out how *you* could make a difference _today_ by
speeding up the release of an update rather than sitting and waiting for
others to do all the work.
--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux