RPM submission procedure

Eric S. Raymond esr at thyrsus.com
Wed Jan 7 23:56:57 UTC 2004 

Warren Togami <warren at togami.com>:
> http://www.fedora.us/wiki/RepositoryMixingProblems
> Due to these reasons fedora.us has always said that we will not 
> coordinate with external repositories.  We never have these package 
> clashes, and our package quality is on the average better.  The drawback 
> here is slower package review and publication.

The bigger drawback is that you don't have an extras repository at all!
It sounds like you may be allowing unattained perfection to become the enemy 
of the good.
 
> >
> >(1) Software compromised for IP reasons must be exiled to livna.org
> >    Repository keepers must agree to comply with a ban list compiled
> >    by Red Hat.
> 
> It already seems to have happened.  It seems that rpm.livna.org is 
> collaborative with a Bugzilla and QA procedure too.

Good, that's a forward step.

> >(2) RPMs must meet Fedora QA standards.  Repository maintainers must
> >    expect their submission, test and build procedures to be audited, 
> >    and will be dropped from the list of authoritative repositories if 
> >    they fail to meet standards.
> 
> We have fedora.us QA standards and nobody else has suggested a full 
> proposal for an alternative, so currently fedora.us is on track for 
> eventally become Fedora Extras around FC2 timeframe.

OK.  Now we're back to my original question...

> >I doubt you'd get any pushback on these requirements.  And the cost of 
> >QA-monitoring these repositories would undoubtedly be lower than the
> >cost of building and maintaining one big repository of your own.  You'd
> >win fairly big on the download costs alone.
> 
> We respectfully disagree with this line of thinking.

OK, that's your call to make and not mine.  Axel Thimm's post and
yours come together to make it clear that I've inadvertently walked
into the middle of a political issue.  That's not where I want to be.

What I do want is a well-defined procedure by which I can drop (for
example) fetchmail point releases into an "official" repository and
have them available for people to apt-get.  

Things I don't care about:

* what the repository is called
* who runs it
* whether it takes RPMs I build or builds its own from metadata and
tarballs that I drop there.

Things I do care about:

* It must be generally accepted as authoritative for people running Fedora.
* It must not require me to do hand-work for each release (that means 
  it can't have an unscriptable web-only interface) 

You have to solve this problem sometime, because there are about 500,000
developers out there with similar needs.  I'm willing to build client
tools like the fedora-submit and bugzilla-submit scripts I've already
done to assist the effort.

What's the path forward?
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

More information about the fedora-devel-list mailing list