Title: Building a QA Community for Security/SRU Application update testing Summary: Application QA for stable release updates and security updates is technically supported by the ubuntu qa tracker (e.g. http://mozilla.qa.stgraber.org).
However, it turns out to be hard to tap the community to provide feedback for those updates and even harder to get enough community feedback to ensure a constantly high quality of high-risk application updates.
This blueprint covers the required procedures, infrastructure and desktop tools to build a vital community that provides feedback on high-risk SRU/Security updates.
Initial ideas are:
- allow users to subscribe to QA repositories in a prominent place on the desktop (e.g. gnome-app-install dialog)
- provide users with tray notifications when they are running preview packages (e.g. from proposed) for applications supported by the qa tracker
- provide a -proposed archive infrastructure for security updates
- the main use case is for security updates which are pushed to users
- want to receive positive feedback from users also
- for security updates they usually don't have bug report so sending feedback to qa.ubuntu.com is more appropriate than a bug report
- while an SRU has a bug report and feedback should go to the bug report
- How does a user decide to participate?
- adding -proposed is an implicit desire to participate
- using a development release is also implicit
- might also want to consider a meta package which explicitly shows desire to participate, it could be named "iamagoodperson" for example and would install several tools and tests used for QA
- How does someone find out where to give feedback?
- security updates that require prerelease QA should go through -proposed. are there any technical issue in the guts of the archive that might cause problems to do that? (i. e. when uploading directly to -security afterwards with a higher version)
ColinWatson: No, that should generally work fine; but note that we can't copy directly from -proposed to -security until -security is moved to Soyuz, so for the time being you'll have to reupload to -security after testing in -proposed. Also make sure that the QA team knows what's going on so that they don't get confused and think the upload is destined for -updates.
- extend update manager to display packages available for QA.
- update manager queries packages available for testing from qa.ubuntu.com site and displays them to be available for QA if the user has that version installed and the package version is not available in |updates| (aka its only in proposed, or in a PPA); there should be a different notification/tray icon for those