On Wed, Oct 1, 2014 at 5:51 PM, Marcus Meissner
On Wed, Oct 01, 2014 at 05:31:27PM -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 4:16 PM, Dimstar / Dominique Leuenberger
wrote: On Wed, 2014-10-01 at 15:53 -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow
wrote: Am 01.10.2014 um 18:10 schrieb Ludwig Nussel:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
I still prefer a security fix going through staging that shooting every system down.. even though a shutdown system is the most secure there is, it's not where we're heading to.
My point is more that, the security team gets a heads-up on patches, and this testing should be done then.
I'm not sure they can publish the patch in OBS during the embargo, though, so it's a tricky thing. But integration testing should be done during the embargo, and the only thing left to do when the embargo finishes is publish to the updates repo that marcus hinted to.
Then, you get two results: building against the latest snapshot, and current Factory. If current factory blows, that doesn't stop them from publishing snapshot. And if you get updated QA runs of snapshot, so you know if things blow.
I believe the trickiest part is respecting the embargo, that's something the security team knows how to resolve I think (they already do it for released versions)
openSUSE Factory and embargoes just do not fit together, as it is fully open.
Local package testbuilds are possible, but not much more.
OBS has private projects, so it can be kept private and link/aggregate the results at embargo finish time. The problem I think currently is openQA, which would need a separate instance working on the private repo - not even sure if it can do that. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org