Chris Gianelloni wrote:

> Now, we can definitely use help in testing the snapshot. We're going to
> be announcing a new round of "Release Testers" for 2007.0 once we get
> ramped up into the release cycle. I am going to be working with the
> rest of the Release Engineering team to try to come up with some testing
> methodologies for people to use when testing, as well as a standard
> report for successes and failures.
>
Well I volunteer for one. I'm guessing you can get someone to post to the
forums as and when you're ready to get more volunteers ;)

>> >> Wrt security updates, is it possible to tie into GLSAs so that we
>> >> could automate updating packages that need it? By updating I mean
>> >> adding the ebuilds and any dependencies (or dependants that might
>> >> require updating.)
>> >
>> > What were you expecting that we would do?
>> >
>> Lol; exactly that. I guess I was asking how difficult it is to automate
>> the process.
>>
>> Although Andrew wrote that he didn't think it was necessarily the best
>> idea. Why is that?
>
> Well, these sort of things are hard to automate, for one. Second, if
> we're trying to produce a quality product, we want to have some checks
> in place prior to updates hitting the world. Having a set of human eyes
> helps.
>
I totally understand the process point in terms of QA. As for automation,
isn't there an existing system used to process security bugs?

>> > "or a vulnerable package's dependencies"
>> >
>> Sure, if the update meant the dependencies needed updating too. Again,
>> that'd need automating, so we're talking about checking the tree in both
>> directions (dependencies and dependants in my terms, sorry if I'm using
>> the words wrongly.)
>
> Why does it need automating? We generally don't get more than 10 or so
> GLSA a week. Even doing everything by hand, this would be a very
> minimal workload to keep updated.
>
I didn't know the frequency of GLSAs. According to the other thread, not all
security bugs warrant an advisory. In any event, I don't see why we
shouldn't automate it while we can to save us the tedious workload later.

--
gentoo-dev@g.o mailing list