Chris Gianelloni wrote:
> Now, we can definitely use help in testing the snapshot. We're going to
> be announcing a new round of "Release Testers" for 2007.0 once we get
> ramped up into the release cycle. I am going to be working with the
> rest of the Release Engineering team to try to come up with some testing
> methodologies for people to use when testing, as well as a standard
> report for successes and failures.
>
Well I volunteer for one. I'm guessing you can get someone to post to the forums as and when you're ready to get more volunteers ;)

>> >> Wrt security updates, is it possible to tie into GLSAs so that we
>> >> could automate updating packages that need it? By updating I mean
>> >> adding the ebuilds and any dependencies (or dependants that might
>> >> require updating.)
>> >
>> > What were you expecting that we would do?
>> >
>> Lol; exactly that. I guess I was asking how difficult it is to automate
>> the process.
>>
>> Although Andrew wrote that he didn't think it was necessarily the best
>> idea. Why is that?
>
> Well, these sort of things are hard to automate, for one. Second, if
> we're trying to produce a quality product, we want to have some checks
> in place prior to updates hitting the world. Having a set of human eyes
> helps.
>
I totally understand the process point in terms of QA. As for automation, isn't there an existing system used to process security bugs?

>> > "or a vulnerable package's dependencies"
>> >
>> Sure, if the update meant the dependencies needed updating too. Again,
>> that'd need automating, so we're talking about checking the tree in both
>> directions (dependencies and dependants in my terms, sorry if I'm using
>> the words wrongly.)
>
> Why does it need automating? We generally don't get more than 10 or so
> GLSA a week. Even doing everything by hand, this would be a very
> minimal workload to keep updated.
>
I didn't know the frequency of GLSAs. According to the other thread, not all security bugs warrant an advisory. In any event, I don't see why we shouldn't automate it while we can to save us the tedious workload later.

--
gentoo-dev@gentoo.org mailing list