I like this proposed change. 

-Ben 

On Tuesday 14 February 2006 14:55, David Eisenstein wrote:
> Here below is my understanding of what has been proposed and (correct me 
> if I am wrong) appear to be in the process of being implemented.
> 
> Fedora Legacy QA Process Overview w/Proposed Changes
> ----------------------------------------------------
> 
>   1.  Vulnerability discerned.
>   2.  Bugzilla ticket for package and vulnerability (with CVE #) opened.
>   3.  Source package(s) for vulnerability proposed.
>   4.  People do SOURCE LEVEL ("PUBLISH") QA on the packages and report
>       in Bugzilla their findings.
>   5.  Once all source packages have been voted for PUBLISH, new 
>       signed packages are built and both .src.rpm and (.i386|.x86_64).rpm
>       packages are pushed to updates-testing.  An announcement goes out
>       to fedora-legacy-list announcing that packages are ready for testing
>       and asking for participation in doing VERIFY QA.
>        NOTE:  If there are any objections in the PUBLISH QA or if any
>         distro does not receive a PUBLISH vote, nothing further is done
>         with that package until the issue(s) are resolved.
> 
> Old Policy - VERIFY QA to RELEASE:
>   6.  If no positive votes happen on binary packages in updates-testing,
>       they stay in updates-testing and go no further.
>   7.  If one positive vote happens on one distro for pkgs. in updates-
>       testing, a 4-week timeout is set.   If no further votes happen
>       before timeout, then after 4 weeks, all packages are released to
>       updates.
>   8.  If two or more distro's (but less than all distros) have positive
>       votes, the 4-week timeout is reduced to a two-week timeout at the
>       time the 2nd distro has a "+" vote.  At timeout, all packages are
>       released to updates.
>   9.  If all distros get "+" votes, binary packages are considered fully
>       tested, and can be released to updates straight away.
>       
> New (Proposed Policy) - VERIFY QA to RELEASE:
>   6.  If no positive votes happen on binary packages in updates-testing,
>       they will be released after a 2-week timeout after having placed
>       in updates-testing.
>   7.  If one positive vote happens on one distro for the pkgs. in updates-
>       testing, the 2-week timeout is reduced to 1-week from the point
>       of the first positive vote.
>   8.  If two or more distro's (but less than all distros) have positive
>       votes, the same timeout in step (7) of the new policy applies.
>   9.  As in the old policy, if all distros get "+" votes, binary pack-
>       ages are considered fully tested and can be released to updates
>       right away.
>       
> Both policies:
>  10.  Packages released to updates from updates-testing are announced
>       on fedora-legacy-list and fedora-legacy-announce-list.
> 
> 
> -David
> 
> --
> fedora-legacy-list mailing list
> fedora-legacy-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 

-- 
"I kept looking around for somebody to solve the problem. 
Then I realized I am somebody" 
   -Anonymous

--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

Reply via email to