On Fri, 2006-12-01 at 07:23 +0000, Steve Long wrote: > >> Well count me in as a volunteer to help set this up and maintain an x86 > >> release. I'm a pretty good coder if that helps. > > > > There wouldn't be an "x86 release" or anything. It would be the whole > > thing. All or nothing. > > > I hear you- it's the tree that's being released. I guess x86 is the most > common architecture anyway, so testers for it aren't gonna be hard to find.
Actually, it depends on what you're testing. For x86, there's much more hardware to test, so there's always some problem which couldn't be tested for before-hand. When it comes to software, it's usually easier to test for, so it depends on the package quite a bit. Now, we can definitely use help in testing the snapshot. We're going to be announcing a new round of "Release Testers" for 2007.0 once we get ramped up into the release cycle. I am going to be working with the rest of the Release Engineering team to try to come up with some testing methodologies for people to use when testing, as well as a standard report for successes and failures. > >> Wrt security updates, is it possible to tie into GLSAs so that we could > >> automate updating packages that need it? By updating I mean adding the > >> ebuilds and any dependencies (or dependants that might require updating.) > > > > What were you expecting that we would do? > > > Lol; exactly that. I guess I was asking how difficult it is to automate the > process. > > Although Andrew wrote that he didn't think it was necessarily the best idea. > Why is that? Well, these sort of things are hard to automate, for one. Second, if we're trying to produce a quality product, we want to have some checks in place prior to updates hitting the world. Having a set of human eyes helps. > > "or a vulnerable package's dependencies" > > > Sure, if the update meant the dependencies needed updating too. Again, > that'd need automating, so we're talking about checking the tree in both > directions (dependencies and dependants in my terms, sorry if I'm using the > words wrongly.) Why does it need automating? We generally don't get more than 10 or so GLSA a week. Even doing everything by hand, this would be a very minimal workload to keep updated. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation
signature.asc
Description: This is a digitally signed message part