On Wed, Apr 09, 2014 at 11:44:12AM +0000, "Jóhann B. Guðmundsson" wrote:
On 04/09/2014 11:35 AM, Matthew Miller wrote:
> * quality assurance (again, ideally someone with security expertise to
> advise and coordinate, but fast widespread testing at all levels helps)
You can forget including QA in this since maintainers dont provide
the testing community with test cases so testers cant quickly
through test cases for the affected package and provide the
necessary karma.
I would say the _exact opposite_. We need to emphasize building those test
cases so they are there when needed.
It's also why I noted that someone with security expertise is helpful --
they can provide guidance on what to check. Since each security
vulnerability is different, that's probably always going to be valuable. But
you are right that having more test cases in advance would help our ability
to respond quickly.
--
Matthew Miller mattdm(a)mattdm.org <
http://mattdm.org/>