I spent some time today to help the QA team to manage those pending
security updates. And for the second time in a week, I've been facing
rather unpleasant attitude from someone else from the same team:
https://bugs.mageia.org/show_bug.cgi?id=5939
I wonder how we're supposed to work together when expressing an opinion
about issues prioritization expose you to harsh comment from someone
unable to express his disagreement without agressivity. That's not much
point ressorting to "we're all in the same boat" kind of metaphor during
IRC meeting to thereafter suggest to leave the board to people
expressing concerns about the boat heading...
So, before any further contribution from my side, I'd like the people in
charge of security updates to find some internal agreement about what
kind of help they expect from other people exactly. If that's just to
push a non-discussable list of changes into spec files, they could as
well ask for SVN commit and package submission rights, to do it
directly. This would avoid a large amount of anger and frustration for
everyone.
You seem to be frustrated by a false assumption. The assumption that
something has changed over the past year of performing QA on security
updates.
It hasn't. We haven't begun doing anything differently and we haven't
started to ask for any more than we have done before, during all that time.
The reason we now have a backlog, which seems to be the cause of the
frustration, is simply because we don't have enough volunteers. That is
not really a reason to begin taking shortcuts, or cut out common sense,
but it is something you can help with.
Our QA workload doubled overnight when Mageia 2 was released. At the
time there were mainly only two of us to perform the task, as there had
been throughout the lifespan of Mageia 1 until that point. One tested
every update x86_64 and one tested every update i586.
As I'm sure you realise, that is nowhere near enough people to perform
QA adequately on two live releases, especially just after release when
many packaging bugs are being fixed. This is on top of having to work
around bug 2317 which is only now beginning to receive attention.
I fully sympathise with the need to concentrate on security updates and
the need to handle them efficiently. Nothing has changed in that regard.
We handle them now the same as we have been doing since last August and
it has never been a problem for anybody. Believe it or not, it is
actually appreciated by most..
We have been trying to recruit new members and with some limited
success. Those new members will hardly be inspired though to volunteer
their time by this type of bullying. I myself would also like to think I
didn't have to purposely avoid certain packagers update requests because
of their aggressive behaviour. That situation would be of no benefit to
anybody.
We always have and will continue to do our best to prioritise security
updates. Unfortunately that has to happen at the expense of bugfix
updates so there are a number of those waiting for our attention. David
has also been pushing for maintainers to get various security bugs fixed
so there has been a bit of an influx for QA to deal with.
This whole issue is being blown wildly out of proportion and it is
really demoralising for those of us who already spend far too many hours
a day actually doing the job.
If you really want to speed things up then please spend some time
helping to shorten the list and lighten the load. We did request help
two weeks ago in the packagers meeting.
You can find the validation procedure here: http://bit.ly/Ne2lPP
and the list of bugs awaiting QA here: http://bit.ly/LZMNhr
Throughout the life of Mageia 1 the QA list was usually between 20 and
40 bugs long, it is now between 40 and 50 bugs long and is hovering
around that point.
These recent attacks are causing even more work for us, which again
helps nobody, and diverts our attention away from where it is really
needed. Also I would point out that having to validate the same package
several times obviously lessens the amount of time we can spend
elsewhere, which compounds the problem.
If the current situation is indeed such an intolerable issue then
perhaps we should think seriously if we currently have the resources to
maintain two active releases or rethink our ability to open backports,
instead of bullying those who are already stretched too thinly.
Regards
Claire
