Why is the fedora.us (Fedora Extras) repository growing so slowly??

Tue Dec 9 06:54:21 UTC 2003

On Mon, 08 Dec 2003 13:48:17 -1000, Warren Togami wrote:

> Jaap A. Haitsma wrote:
> > Michael,
> > 
> > Don't you think that a "bit of noise" on for instance the fedora-test 
> > mailing list (if that's ok with RedHat) would help.

Well, fedora.redhat.com advertizes fedora-devel-list as one of the
places where to "participate". fedora.us is not official "Fedora Extras",
but at least mentioned at http://fedora.redhat.com/participate/ and
should be considered as sort of a testbed for Fedora Extras.

> > Many people read that list and the probability of somebody interested in 
> > helping out therefore will increase.

"Somebody interested in helping out" would be helping out for some time
already. All the package requests which have the UPDATE keyword set,
should be significantly easier to review.

Package reviews can be turned into team work just fine, provided that
interested people add themselves to a package request bug ticket.

> > Jaap
> 
> Every once in a while I have been doing exactly as you suggest with 
> certain packages that I thought several people would be interested in, 
> but in most cases I get almost ZERO responses.

There also don't seem to be any questions on how the QA process works or
how it could be modified. So either the process is clear or it is
ignored. ;)

> https://bugzilla.fedora.us/show_bug.cgi?id=520
> For example on more than two occasions I have mentioned powernowd,

It's such a small package, it's an ideal candidate for someone's
first package review and approval.

> Packages will sit forever in fedora.us QA if nobody bothers to even 
> comment on them.  And it is not useful to only say "It builds and runs 
> fine for me."

No? ... Highly useful IMO, since it means the packaged software works
for somebody.

Bug reports are equally useful. ;)

> as this says nothing about spec file correctness and the 

"spec file correctness" should be defined more closely.  "spec file
correctness" means nothing, if a piece of software doesn't work.  With
some software packages, it's quite easily possible to make the spec file
look correct, but cause the source tarball to install files into wrong
directories. Boom!

> security of the included sources.

This last item raises the bar for many people, I think, because it is
quite vague about what kind of review you expect. If you see security
issues because powernowd is a daemon running as root, the software should
not have been packaged. If you expect someone to read the single 16 KiB C
source file line by line and verify whether it doesn't contain any
malicious code or whether it doesn't do anything bad in general, well,
that could be reason enough to scare off some people who fear they could
make a mistake with such a small package. If, however, you'd be happy when
somone compared the source tarball MD5 with the upstream release, that
might help. Afterall, in the source you're listed as contributor.

-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20031209/5a094a74/attachment.sig>