[CentOS-devel] Missing security updates

Thu Jul 22 10:33:42 UTC 2010
Karanbir Singh <mail-lists at karan.org>

On 07/22/2010 04:25 AM, Gordon Messmer wrote:
> That could be.  I'm not sure which specific things you're referring to.
>    I vaguely recall frequent volunteers to engage in the
> build/test/release process met with the pronouncement that CentOS's team
> is a meritocracy and that people will be allowed in as they prove their

Yes, thats about right. The idea of testing stuff within CentOS has a 
very finite end point. With very few exceptions the only people trying 
to get onto the testing team are people looking for early access. There 
have only ever been a small number of people who actually do anything. I 
would love, more than anything else at this time, to have a large and 
productive testing team - but one that actually does something.

Opening up the list to public and opening up access to the testing 
repo's and hoping for the best is not only a stupid idea, its also a 
massive waste of resources. But still its the only solution people seem 
to come up with when I pitch this problem to them. So we carry on with 
our solution in place right now -> invite people we know and recognise 
to be people interested in helping. So visibility cluefull people from 
the community here. And dont be mistaken :  plenty have declined. Which 
is fine, everyone has their own agenda and life to live.

And there is plenty of places for new people who have not been involved 
with the project in the past, or any other project for that matter. eg. 
if someone was to step up and maintain a section in the wiki for the 
cluster suite / cluster storage stack included in CentOS - he/she would 
be welcome to join the QA team and help with with that resource and 
setup tests / testing around that resource. Cluster\* is just an 
example, there are millions of other niche's similar to this.

> worth.  The trouble seems to be that no one knows how to demonstrate
> their value.  The CentOS team's workings seem opaque to me.  Since I
> don't know anything about them, I realize that any idea I have about how
> to improve them may be completely invalid.

If you just have generic ideas, I think its best to pass. But if you 
have ideas and are willing to back those ideas up with an offer to 
actually execute at least some part of the work involved with that - 
then this list is the place to be talking about those.

>   However, I think a lot of
> users would be happy if CentOS were as transparent as Fedora, with clear
> written guidelines regarding the project governance and processes.  In
> fact, I think it'd be wonderful to adopt Fedora's guidelines and
> technology as much as possible.

Fedora and CentOS work with and against very different roles, 
background, contributions and even infrastructure. So expecting CentOS 
to get into the same groove as Fedora is'nt even worth thinking about. 
Not at this stage, and not till there are massive changes in what we do, 
how we do it, why we do it and where we do it.

I don't personally see any of those frames changing too far at the 
moment, but then I've been surprised in the past and am quite open to 
being surprised again :)

- KB