On Sun, 6 Dec 2015 19:52:05 +0100 Michael Schwendt <mschwe...@gmail.com> wrote:
> On Sun, 6 Dec 2015 15:50:10 +0100, Reindl Harald wrote: > > > but what is the reason for maintainers building updates without the > > intention to push them? > > There are maintainers, who dislike a lot of things related to the > release processes. They consider bodhi a pain to use. They would > prefer doing things differently, with less work, and more like > fire'n'forget as how they do it within Rawhide. Perhaps. But you are speculating that this is the case here. Unless you have talked to the maintainer and thats what they told you? I think it far more likely that this is due to: https://github.com/fedora-infra/bodhi/issues/372 which was/is a bug around the migration from bodhi1 to bodhi2 where some updates lost their setting of auto karma. If not that, then perhaps the maintainer wanted to be careful with this update for some reason and so wanted to push it manually. The only way to know for sure would be to ask. > That's also the reason why they release another update while the > previous update has not been pushed yet. And bodhi still cannot > handle that case and sometimes pushes an older package after a newer > package. If what I've read somewhere is true, it isn't easy to fix in > bodhi (or koji) for reasons I don't know. There's a possible fix for this that landed in the last bodhi update. It has to do with bodhi passing a bunch of packages to koji to tag, and koji does not promise the order they will be tagged in. So, bodhi has to know which is "newer" and split the operation up. > > bodhi should punish maintaines with daily mails when a package has > > enough karma or has reached the time to get pushed even without > > karma so that the maintainer has a good reason for push it or > > decide to delete it (with a very good reason) I think daily nag mails are over the top and anoying. > History has shown that attempts at "punishing" maintainers with > so-called "nagmails" doesn't lead to anything good. Automated systems > have a bad habit of sending nagmails when the human knows better. > Then the human decides to filter out the annoying mails. > > Fedora's release process is poor and misdesigned and full of problems. I'm sorry to hear you say so. Do you have any ideas to improve things? Or would you prefer to continue to be a ray of sunshine when others ask for ideas? > Currently I have two security fixes, which are two months old. Nobody > does the needed testing. The karma isn't reached. Nobody ensures that > they enter the stable updates repo even with 0 karma. Perhaps you could solicit testers? Either upstream people or on the test list or on irc? > Meanwhile, F21 > has reached end-of-life without anyone making sure to do a last push > of security fixes for it. We did do a last push. Just blindly pushing all security updates (if they were ready or not) isn't a particularly good idea IMHO. > If I had not released any fixes, nobody > would have reminded me. In other cases, there have been CVE tickets > in bugzilla filed by the security team from Red Hat with nobody > working on fixes for Fedora, not even sending reminders. We need more > thinking humans to make the right decisions. Look at the age of > updates in the updates-testing reports! This is crap 2.0. Yeah, the Fedora security sig has actually been ramping up trying to deal with these. Perhaps you could offer your assistance there? kevin
pgpMAQaqjN5r2.pgp
Description: OpenPGP digital signature
-- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
