FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 04-09-2011, 12:27 AM
Tom Lane
 
Default critpath approval process seems rather broken

For the past several days I've been getting daily nagmails about the
fact that libtiff hasn't been pushed into f13 (example attached).
Because it's a critpath package, I as the lowly maintainer do not have
privileges to push it stable, not even after two weeks. Those who do
have privileges to approve this sort of thing evidently are paying no
attention to f13 packages, not even security bugs on critpath packages.

I will refrain from ranting, and just point out that something is
pretty darn broken about this process. Why are the nagmails going
to someone with no power to fix the problem? Shouldn't somebody
with approval power be paying more than zero attention to older
branches?

regards, tom lane


------- Forwarded Message

Date: Sat, 09 Apr 2011 00:00:43 +0000
From: updates@fedoraproject.org
To: tgl@redhat.com
Subject: [Fedora Update] [CRITPATH] [old_testing_critpath] libtiff-3.9.4-4.fc13

The critical path update for libtiff-3.9.4-4.fc13 has been in 'testing' status for over
2 weeks, and has yet to be approved.

================================================== ==============================
libtiff-3.9.4-4.fc13
================================================== ==============================
Update ID: FEDORA-2011-3827
Release: Fedora 13
Status: testing
Type: security
Karma: 0
Bugs: 684939 - CVE-2011-1167 libtiff: heap-based buffer overflow in
: thunder decoder (ZDI-11-107)
: 684007 - libtiff fails to decode some G4 images
: correctly
: 678635 - CVE-2011-0192 libtiff: buffer overflow in
: Fax4Decode
Notes: Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167
: Fix buffer overrun in fax decoding (CVE-2011-0192) as
: well as a non-security-critical crash in gif2tiff.
Submitter: tgl
Submitted: 2011-03-21 20:38:28
Comments: bodhi - 2011-03-21 20:38:42 (karma 0)
This update has been submitted for testing by tgl.

bodhi - 2011-03-22 18:53:10 (karma 0)
This update has been pushed to testing

https://admin.fedoraproject.org/updates/libtiff-3.9.4-4.fc13

------- End of Forwarded Message
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-09-2011, 12:43 AM
Will Woods
 
Default critpath approval process seems rather broken

On Fri, 2011-04-08 at 20:27 -0400, Tom Lane wrote:

> I will refrain from ranting, and just point out that something is
> pretty darn broken about this process. Why are the nagmails going
> to someone with no power to fix the problem? Shouldn't somebody
> with approval power be paying more than zero attention to older
> branches?

They *are* paying attention. Testers get the same nagmails you do.

In fact, there's plenty of approvers available, but you're not engaging
with them. They might not know how to test libtiff, or what needs
testing, so other stuff gets tested first.

The solution is simple: ASK FOR HELP. Pop into #fedora-qa or ask on the
test list. Give some details about what needs to be tested (and how to
test it) and it'll be sorted out very quickly.

Updates get approved much faster when the maintainer bothers to engage
with the testers. This should surprise no one. Fedora is made of people,
isn't it?

The only thing broken here is the expectation that testing doesn't
require your assistance, or isn't your problem.

-w

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 02:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org