Michael Scherer skrev 15.6.2011 15:10:
Le mercredi 15 juin 2011 à 07:55 -0400, Stew Benedict a écrit :
On 06/12/2011 08:25 AM, Angelo Naselli wrote:
In data mercoledì 8 giugno 2011 23:53:51, Ahmad Samir ha scritto:
Right, I probably phrased that one wrongly; I meant:
fixes a serious bug, e.g. crashing, segfaulting
I don't think we should exclude non-serious bugs :)
Depends, overworking the sec team doesn't look like a good aspect...
(that's why I liked contrib in mdv, I could push an update any time,
without having to go though the bug report -> QA -> Sec team loop).
Well here we could stop at QA team step, or at least someone more that can
test and say that the fixing is good...
So,
We've had a lot of discussion, which is good, but imho we need to start
getting some updates out the door. Users are asking for them and the
CVEs just keep rolling in.
As I understand it, the mechanics are in place to issue updates, and
I've put together a page as a first pass at a policy, based on my memory
of how things worked in the past and what I've picked up from the
discussion.
http://mageia.org/wiki/doku.php?id=updates_policy
Randomly, I'm targeting 2 bugs to push through, to test the process:
https://bugs.mageia.org/show_bug.cgi?id=1084 (vde2, app crashes)
https://bugs.mageia.org/show_bug.cgi?id=1521 (subversion, security issue)
Now, first problem is we still don't have a maintainer database, so who
gets the assignment, the person that first imported the package?
Perhaps this is the first change to the policy - maintainer or any
interested packager initiates the update
Sound sensible, yes.
The idea IMHO is not to prevent people for doing the work if they wish,
but if there is no volunteer, it should be the duty of someone, and this
someone is the maintainer.
Now, we do not have a official maintainer db, but the test instance is
still here afaik. So yes, picking someone from the list of person that
committed would do the trick.
BTW, should we have a read-only security/update-announce ml that where
we mail about all updates ?
--
Thomas
