On Thu, 2010-07-01 at 06:33 +0200, Kevin Kofler wrote:
> Fedora Legacy has shown how well this works… not!
>
> I completely agree with Ralf Corsepius and Tom Lane on this subject: this
> policy is very unhelpful, and applying it to security updates is just
> totally insane. We're going to see machines compromised because critical
> fixes are getting delayed by brainless technobureaucracy.
Let's put aside the needless, inflammatory rhetoric for just a brief
moment, and actually try to think about ways to solve problems, shall
we?
The main reasons we want to perform testing are things like: to avoid
pushing updates with broken dependencies, or updates that cause serious
regressions requiring manual intervention / emergency update
replacements. That sort of thing.
But your assertion seems to be something like: "This is obviously going
to fail horribly and therefore any testing is a waste of time". Various
reasons for this have been bandied about - "there isn't enough manpower"
and "it's going to slow down updates and make people vulnerable for
longer" are the most prominent ones, as I see it.
Now. For each of these reasons - pro and con - there should be some
things we can actually measure. Turnaround time on security updates, for
instance.
Given measurements of some agreed-upon metrics over time, we can
actually quantify whether or not this policy is a "failure", rather than
just SHOUTING and WAVING OUR ARMS and PREDICTING DOOM and QUOTING
WAYNE'S WORLD at one another.
Therefore: I propose that we choose a few metrics ("turnaround time on
security updates", "average number of live updates with broken
dependencies per day", etc.). Then we begin measuring them (and, if
possible, collect historical, pre-critpath data to compare that to).
I'm willing to bet that these metrics have improved since we started the
critpath policies before F13 release, and will continue to improve over
the course of F13's lifecycle and the F14 development cycle.
In fact, Kevin, given a set of metrics we're both happy with, I'd be
willing to stake my subscription to this list on it - for, say, 3
months. Are you willing to do the same?
-w
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
