|
Top-level
 @fionafokus It's and interesting read, and yet another example of lack of testing of the product before release. I'm not saying all bugs would be eliminated but there are many, some very trivial, that would never have made it through any kind of testing. Also disappointing that common practice was not adhered to in the way security reporting/fixing was handled by the developer. Exposing risk to the community unnecessarily. Great article. 6 comments
  @fionafokus @daj @draNgNon there is that activitypub test suite which also received sovereign tech fund money weee  oh it ... didn't cross my mind someone would put software out there for others to use and contribute to without automated testing to ensure it would continue to enjoy being functional I was interpreteing "any kind of testing" to mean more like QA (or I guess in the UK, they call is QC)  @draNgNon @daj @fionafokus yeah technically a good idea but based upon my own experience trying to work with that project - it falls apart even earlier. To give you a lil example. The frontend code used to be compiled and pushed into the repo by the one and only dev of this. Combining this with a beoken build process on "main" for over half a year - there was a lot of complied frontend code checked in and that was actually not matching the source alongside... ...i'm a release engineer. these problems, i understand and mentally associate with startup culture, which i guess is appropriate here. |
Napping.Synth.Download
@daj @fionafokus
(sort of side question, but my curiosity is sparked)
how is that sort of thing handled usually, in open source? do maintainer groups have dedicated testers or do they rely on the broader community?
obviously for something with this many users, they should not rely on just their users especially for this flavour of issue.