On 07/11/2017 04:21 PM, Michael Palimaka wrote: > On 07/12/2017 12:15 AM, Kristian Fiskerstrand wrote: >> On 07/11/2017 04:13 PM, Kristian Fiskerstrand wrote: >>> On 07/11/2017 03:47 PM, Michael Palimaka wrote: >>>> The main risk of breakage of a package moving from testing to >>>> stable is always at build time anyway. >>> >>> citation needed >>> >> >> Anecdotal evidence against, currently gnupg 2.1.21 scdaemon bug will >> happily sign a third party public keyblock's UID using signature subkey >> on smartcard, which results in useless signature that doesn't have any >> effect, but the application builds fine. >> >> This means gnupg 2.1.21 is not a candidate for stabilization, but it >> certainly builds fine. >> > > Stop trolling - you know perfectly well that this sort of issue would > never ever be caught during arch testing. Nor should it be - it's called > *arch* testing for a reason.
That presumes that the maintainer is the one calling for the stabilization, and it is not an automated procedure simply due to 30 days in ~arch. In this particular case, look for the number of bug reports filed in Gentoo for the issue. But the main risk is certainly not built testing, it is breaking operational live stable systems. Nowhere was it claimed that the arch testers are responsible for it, but it certainly doesn't coincide, at any point, with "The main risk of breakage of a package moving from testing to stable is always at build time anyway." -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature
