| 1 |
On Fri, 2006-12-01 at 07:23 +0000, Steve Long wrote: |
| 2 |
> >> Well count me in as a volunteer to help set this up and maintain an x86 |
| 3 |
> >> release. I'm a pretty good coder if that helps. |
| 4 |
> > |
| 5 |
> > There wouldn't be an "x86 release" or anything. It would be the whole |
| 6 |
> > thing. All or nothing. |
| 7 |
> > |
| 8 |
> I hear you- it's the tree that's being released. I guess x86 is the most |
| 9 |
> common architecture anyway, so testers for it aren't gonna be hard to find. |
| 10 |
|
| 11 |
Actually, it depends on what you're testing. For x86, there's much more |
| 12 |
hardware to test, so there's always some problem which couldn't be |
| 13 |
tested for before-hand. When it comes to software, it's usually easier |
| 14 |
to test for, so it depends on the package quite a bit. |
| 15 |
|
| 16 |
Now, we can definitely use help in testing the snapshot. We're going to |
| 17 |
be announcing a new round of "Release Testers" for 2007.0 once we get |
| 18 |
ramped up into the release cycle. I am going to be working with the |
| 19 |
rest of the Release Engineering team to try to come up with some testing |
| 20 |
methodologies for people to use when testing, as well as a standard |
| 21 |
report for successes and failures. |
| 22 |
|
| 23 |
> >> Wrt security updates, is it possible to tie into GLSAs so that we could |
| 24 |
> >> automate updating packages that need it? By updating I mean adding the |
| 25 |
> >> ebuilds and any dependencies (or dependants that might require updating.) |
| 26 |
> > |
| 27 |
> > What were you expecting that we would do? |
| 28 |
> > |
| 29 |
> Lol; exactly that. I guess I was asking how difficult it is to automate the |
| 30 |
> process. |
| 31 |
> |
| 32 |
> Although Andrew wrote that he didn't think it was necessarily the best idea. |
| 33 |
> Why is that? |
| 34 |
|
| 35 |
Well, these sort of things are hard to automate, for one. Second, if |
| 36 |
we're trying to produce a quality product, we want to have some checks |
| 37 |
in place prior to updates hitting the world. Having a set of human eyes |
| 38 |
helps. |
| 39 |
|
| 40 |
> > "or a vulnerable package's dependencies" |
| 41 |
> > |
| 42 |
> Sure, if the update meant the dependencies needed updating too. Again, |
| 43 |
> that'd need automating, so we're talking about checking the tree in both |
| 44 |
> directions (dependencies and dependants in my terms, sorry if I'm using the |
| 45 |
> words wrongly.) |
| 46 |
|
| 47 |
Why does it need automating? We generally don't get more than 10 or so |
| 48 |
GLSA a week. Even doing everything by hand, this would be a very |
| 49 |
minimal workload to keep updated. |
| 50 |
|
| 51 |
-- |
| 52 |
Chris Gianelloni |
| 53 |
Release Engineering Strategic Lead |
| 54 |
Alpha/AMD64/x86 Architecture Teams |
| 55 |
Games Developer/Council Member/Foundation Trustee |
| 56 |
Gentoo Foundation |
Archives