Le lundi 16 mai 2011 à 18:08 +0200, Thierry Vignaud a écrit : > On 16 May 2011 18:05, Ahmad Samir <[email protected]> wrote: > >>> Mageia 1 is approaching quickly and we need to get our process in place > >>> for security updates. We talked a bit about it a few weeks ago, and I > >>> started a wiki page, but it needs more detail. Anne and I chatted on IRC > >>> and it looks like we'll want to cutoff the "on the iso " updates at the > >>> end of this week, so we need a process in place to release post-iso > >>> updates. > >>> > >>> ref: http://mageia.org/wiki/doku.php?id=security > >>> > >>> As I see it, initially we need, in no particular order: > >>> > >>> 1) a means to build updates for the release (iurt setup for mga1?) > >> > >> A iurt setup for mga1 will exist anyway, what is missing is a way to > >> later upload to non public place. > >> Initially, we can just setup youri to restrict submitting a build to > >> updates_testing or updates to the secteam and it should be enough. > >> > > > > Ideally packagers should be able to submit to update_testing when they > > want to push a fixed package to ask for testing. So restricting > > submitting to updates sounds more logical? > > What's more that matches what we were doing back @mdv. > The process was: > - trusted packagers upload into main/testing, > - all packager can upload into contrib/testing, > - ticket (for main/*) is opened & assigned to qa > - people || qa test > - if tests succeed, ticket is assigned to secteam > - secteam rebuild with its own sig & push the package
I would propose the following : - packagers can upload to */updates_testing ( with some limitation and specific check ) - ticket are opened for everything, assigned to QA - people || qa test - if tests are ok, package is moved to */updates I see no need to rebuild again on a different system, as we do not have the ressources. -- Michael Scherer
