[CentOS-devel] Missing security updates

Thu Jul 22 18:29:08 UTC 2010
Charlie Brady <charlieb-centos-devel at budge.apana.org.au>

On Thu, 22 Jul 2010, Karanbir Singh wrote:

> On 07/22/2010 04:25 AM, Gordon Messmer wrote:
> > That could be.  I'm not sure which specific things you're referring to.
> >    I vaguely recall frequent volunteers to engage in the
> > build/test/release process met with the pronouncement that CentOS's team
> > is a meritocracy and that people will be allowed in as they prove their
> 
> Yes, thats about right. The idea of testing stuff within CentOS has a 
> very finite end point. With very few exceptions the only people trying 
> to get onto the testing team are people looking for early access. There 
> have only ever been a small number of people who actually do anything. I 
> would love, more than anything else at this time, to have a large and 
> productive testing team - but one that actually does something.

I don't think the problem here is either the size or the idleness of the 
test team. What are the steps involved in 
building/validating/testing/releasing security updates? I don't know. 
Which steps have been completed and which steps are still to be done. I 
don't know. Is the bottleneck the testing team? I don't think so.

What we do know are that Tru has been unavailable for various reasons and 
Karanbir is "supposed to be covering for him (and doing a bit of a crap 
job at the moment)". These things happen, and I don't wish to attach 
personal blame. But I think it is also useful to acknowledge that these 
are the reasons for the non-released packages, rather than talk about 
testing resources or opportunities for people to contribute to the wiki.

As I stated earlier, I think there is systematic process issue that the 
CentOS project should address. I'm not sure whether you are saying that 
there isn't a problem, or that the problem exists but is not solveable. I 
don't think either response is appropriate. Wouldn't it be more useful to 
admit that there is a problem, and discuss exactly what needs to be done 
to solve it?

[I'm trying to be constructive here, so please don't be defensive. Russ 
can vouch for me. I don't just wish to be spoonfed, and I do know what it 
is like to ask for help and receive little. I just don't see that as the 
problem here.]

---
Charlie