1 |
On Fri, 2006-12-01 at 07:23 +0000, Steve Long wrote: |
2 |
> >> Well count me in as a volunteer to help set this up and maintain an x86 |
3 |
> >> release. I'm a pretty good coder if that helps. |
4 |
> > |
5 |
> > There wouldn't be an "x86 release" or anything. It would be the whole |
6 |
> > thing. All or nothing. |
7 |
> > |
8 |
> I hear you- it's the tree that's being released. I guess x86 is the most |
9 |
> common architecture anyway, so testers for it aren't gonna be hard to find. |
10 |
|
11 |
Actually, it depends on what you're testing. For x86, there's much more |
12 |
hardware to test, so there's always some problem which couldn't be |
13 |
tested for before-hand. When it comes to software, it's usually easier |
14 |
to test for, so it depends on the package quite a bit. |
15 |
|
16 |
Now, we can definitely use help in testing the snapshot. We're going to |
17 |
be announcing a new round of "Release Testers" for 2007.0 once we get |
18 |
ramped up into the release cycle. I am going to be working with the |
19 |
rest of the Release Engineering team to try to come up with some testing |
20 |
methodologies for people to use when testing, as well as a standard |
21 |
report for successes and failures. |
22 |
|
23 |
> >> Wrt security updates, is it possible to tie into GLSAs so that we could |
24 |
> >> automate updating packages that need it? By updating I mean adding the |
25 |
> >> ebuilds and any dependencies (or dependants that might require updating.) |
26 |
> > |
27 |
> > What were you expecting that we would do? |
28 |
> > |
29 |
> Lol; exactly that. I guess I was asking how difficult it is to automate the |
30 |
> process. |
31 |
> |
32 |
> Although Andrew wrote that he didn't think it was necessarily the best idea. |
33 |
> Why is that? |
34 |
|
35 |
Well, these sort of things are hard to automate, for one. Second, if |
36 |
we're trying to produce a quality product, we want to have some checks |
37 |
in place prior to updates hitting the world. Having a set of human eyes |
38 |
helps. |
39 |
|
40 |
> > "or a vulnerable package's dependencies" |
41 |
> > |
42 |
> Sure, if the update meant the dependencies needed updating too. Again, |
43 |
> that'd need automating, so we're talking about checking the tree in both |
44 |
> directions (dependencies and dependants in my terms, sorry if I'm using the |
45 |
> words wrongly.) |
46 |
|
47 |
Why does it need automating? We generally don't get more than 10 or so |
48 |
GLSA a week. Even doing everything by hand, this would be a very |
49 |
minimal workload to keep updated. |
50 |
|
51 |
-- |
52 |
Chris Gianelloni |
53 |
Release Engineering Strategic Lead |
54 |
Alpha/AMD64/x86 Architecture Teams |
55 |
Games Developer/Council Member/Foundation Trustee |
56 |
Gentoo Foundation |