[CentOS-devel] Re: testing / qa process

Thu Oct 19 22:30:47 UTC 2006
R P Herrold <herrold at owlriver.com>

> Karanbir Singh wrote as to:
>> The strategy to release testable rpms to dev.centos.org

On Fri, 13 Oct 2006, Rex Dieter wrote:
> Instead of blocking on (lack-of) feedback, I'd suggest 
> considering something like:
> 1.  Put pkgs in "testing"
> 2.  If no bugs reported after X days/weeks, move out of 
> testing
>
> At least this way nothing gets perpetually stalled in testing.

Yikes.  To torture the truism, 'An absence of evidence is not 
evidence of an absence' of problems.

Not to put too fine a point on it, but how is automatic 
promotion out of 'testing' into a chain _desirable_ in an 
enterprise-oriented operating environment?

Clearly some so-called 'admins' will clearly implicitly trust 
anything (i.e., look at the constant traffic into mailing lists 
for distributions where 'yum' is an available updater with 
horrific collections of random archives enabled).  Why take 
the reputational risk here?

It may be proper for Red Hat's Fedora, as it has evolved (the 
firestorms I see regularly erupt on fedora-devel make me doubt 
this, but ... those participating there without an @redhat.com 
available to them are all volunteers), but not here.  Putting 
aside stability or security issues, something as simple as 
added support load makes me want to avoid anything with an 
'official' CentOS addon status.  The 'Enemies of Carlotta' 
missed conflict thread I saw today reaffirms my doubt that 
auto-promotion works based on _assumed_ safety.

My solution, as to my archive of packagings, is simple -- very 
general SRPMs exist, and a person who cannot solve a build 
environment and BuildRequires (which is documented at my 
site, along with several other sites which I have contributed 
to over the years) is probably not going to use my packagings.

When I get a report, I address it.  I do not undertake to 
warrant to any anonymous FTP user, any ongoing (nor even 
present) security, functionality, or other pedigree to the 
packagings.  Indeed, I have marked certain unsafe ones as I 
have re-encountered them.  This makes the maintenance load 
manageable.

I have worked on outlines thinking through some of the issues, 
on building a trustable, and 'vetted' submitted package 
infrastructure a couple of times.  All of the plans fall apart 
on the relatively low reward for testing compared with the 
rather high and ongoing load of doing it 'right' and safely.

Before the divergence of cAos and CentOS we were discussing 
these matters:
 	http://www.herrold.com/caos/QA-requirements.txt
and earlier, before Red Hat's takeover of fedora.us, I had 
posted this into fedora.us's former mailing lists (the former 
mailing list host: videl.ics.hawaii.edu no longer responds) :
 	http://www.owlriver.com/projects/packaging/fedora-flow.txt
[That latter document provoked Warren for what I considered 
irrational reasons.]

In part CentOS works because it has limited itself to being a
relatively strict rebuild effort.

-- Russ Herrold