On Sun, 6 Dec 2015 12:40:45 -0700, Kevin Fenzi wrote: > Perhaps. But you are speculating that this is the case here. > Unless you have talked to the maintainer and thats what they told you?
I'm not speculating as I didn't claim I know the reason why this particular Yum update is stuck. I answered to the general question "what is the reason for maintainers building updates without the intention to push them?". Knowing that some maintainers believe the release bureaucracy sucks can be helpful in understanding [some of] the background. I still talk to other packages from time to time, and I have learned to be careful when doing that, because some find it easier to complain about various things in a private conversation (and leave the project silently) instead of voicing their opinion in one of Fedora's public places. > I think it far more likely that this is due to: > https://github.com/fedora-infra/bodhi/issues/372 > which was/is a bug around the migration from bodhi1 to bodhi2 where > some updates lost their setting of auto karma. > > If not that, then perhaps the maintainer wanted to be careful with this > update for some reason and so wanted to push it manually. > > The only way to know for sure would be to ask. Four months is a long time even for an update that is at karma 10 already. Even if it's Yum, which has been broken before by updates that have been rushed out too soon. If it fixes any bugs, waiting four months for the fixes to get out is too long. [And a minor update to some fonts package is pushed faster and more frequently. ;-)] More strange, if it's an update that's at karma 0 after four months. Bodhi forgetting about autokarma cannot be an issue in that case. It's only a lack of testers and a lack of _another method_ to publish such updates _automatically_ based on submitter's early request. > > Fedora's release process is poor and misdesigned and full of problems. > > I'm sorry to hear you say so. > > Do you have any ideas to improve things? Or would you prefer to > continue to be a ray of sunshine when others ask for ideas? What's needed is software developers and policy makers to agree that some areas are problematic, and to agree on ideas and an agenda. To agree that the karma system is flawed and things like testers ignoring past votes and overriding another's -1 with their own +1 should not be possible. If people in Fedora leadership positions don't consider broken upgrade paths a problem, and the developers of update release tools don't consider them problematic either, not much will happen about such issues, for example. Users will continue to run into downgrades, unresolvable deps, or runtime breakage. And then there are all those ideas where the only response will be that patches will be accepted, with the ideas never making it onto a todo list/agenda. > > Currently I have two security fixes, which are two months old. Nobody > > does the needed testing. The karma isn't reached. Nobody ensures that > > they enter the stable updates repo even with 0 karma. > > Perhaps you could solicit testers? Either upstream people or on the > test list or on irc? Perhaps Fedora is just not popular enough? How many layers of extra work do you ask for? Imagine that a fix is from upstream or has been applied and released upstream already. What extra testing and baby-sitting is needed at Fedora's side even for entirely new packages? Remember the period when packagers voted +1 on their own updates. There still is no way to do that *officially*. It is still assumed that packagers test their own update (even if they don't do that in Rawhide, uh-oh!), but they cannot ask for it to be pushed automatically after X days other than based on that karma threshold that won't be reached for some packages ever. > > Meanwhile, F21 > > has reached end-of-life without anyone making sure to do a last push > > of security fixes for it. > > We did do a last push. Just blindly pushing all security updates (if > they were ready or not) isn't a particularly good idea IMHO. Has the security team done anything at all to even push any other security updates for F21 not blindly? I mean, Fedora packagers receive all those security related tracker ticket bugzilla spam where the security team changes ticket fields again and again, but nobody cares that the released fixes find their way onto the Fedora User's installations? -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
