[maemo-developers] maemo-developers Digest, Vol 59, Issue 25

From: Attila Csipa maemo at csipa.in.rs
Date: Fri Mar 26 13:53:43 EET 2010
On Thursday 25 March 2010 20:34:40 Urho Konttori wrote:
> I would propose the following as the first step to improve the support for
> the community developers:
> if a component X has been successfully promoted to extras once, when there
> is an update from the same developer for this component, it will gain the
> access to enter extras automatically (so, developer still needs to press
> the magic button). This is to make it somewhat sane to do updates of the
> apps as well as to have testing concentrate on the new content and not have
> to test ukeyboard kb layouts for the 10th time in the month because some
> key had been moved to different position in arabic vkb (I like far fetched
> examples, a build fault in me).

Indeed, the initial effort was a lot more idealistic, but then pragmatism is 
catching up with us, slowly but surely :) There is already a suggestion 
in-place for 'fast promoting' things, but that is still not the real deal. 
Since there is no  really universal versioning nomenclature, the 'complicated 
way' of doing this is to have a simple radio button element for promoting 
things to testing which would signalize what the new package is. If it's is 
just a bugfix update (an answer maybe to issues raised previously for the 
very same package), it would perhaps make sense to avoid resetting karma and 
the quarantine clock. If it's a minor update, it could mean (a possibly 
shorter?) quarantine, but certainly a more lax karma requirement. Or, if 
declared as a major update, it would be treated as such. There is a 
significant question of how to minimize potential abuse (whether as attempts 
to 'game the system' or simply because of frustration due to lack of active 
testers). Not presenting this as a definite solution, of course, just a 
general idea, the topic obviously needs further discussion.

> All security comments are insane in my opinion. If some person really wants
> to be evil, there is nothing in our process that would block that except by
> accident.

I would rather say that it's more of a formulation issue. It would be more 
correct to say that a *known* or *detected* security flaw is a blocker. 
Passing Extras-testing is not equivalent to a security audit - it just means 
there is no glaring security issue known at the time. I can't say I would be 
happy on thumbing up an application is discovered to, say, set a default root 
password (I'm good at far fetched examples, too ;) 

Regards,
Attila
More information about the maemo-developers mailing list