RPM submission procedure

Warren Togami warren at togami.com
Thu Jan 8 00:49:51 UTC 2004 

Eric S. Raymond wrote:
>> http://www.fedora.us/wiki/RepositoryMixingProblems Due to these
>> reasons fedora.us has always said that we will not coordinate with
>> external repositories. We never have these package clashes, and our
>> package quality is on the average better. The drawback here is
>> slower package review and publication.
> 
> 
> The bigger drawback is that you don't have an extras repository at
> all! It sounds like you may be allowing unattained perfection to
> become the enemy of the good.
> 

Huh?

fedora.us is all about providing add-ons for Red Hat Linux, and now 
Fedora Core.  (Well and also now Legacy, community developed security 
backport update packages for the older distributions.)


>>>(1) Software compromised for IP reasons must be exiled to livna.org
>>>   Repository keepers must agree to comply with a ban list compiled
>>>   by Red Hat.
>>
>>It already seems to have happened.  It seems that rpm.livna.org is 
>>collaborative with a Bugzilla and QA procedure too.
> 
> 
> Good, that's a forward step.

And they seem to be using the exact same QA procedure that fedora.us uses.

>>>I doubt you'd get any pushback on these requirements.  And the cost of 
>>>QA-monitoring these repositories would undoubtedly be lower than the
>>>cost of building and maintaining one big repository of your own.  You'd
>>>win fairly big on the download costs alone.
>>
>>We respectfully disagree with this line of thinking.
> 
> 
> OK, that's your call to make and not mine.  Axel Thimm's post and
> yours come together to make it clear that I've inadvertently walked
> into the middle of a political issue.  That's not where I want to be.

Unfortunately this is true of our current situation.

> 
> What I do want is a well-defined procedure by which I can drop (for
> example) fetchmail point releases into an "official" repository and
> have them available for people to apt-get.  

apt-get may be a problem, given that there is great resistance within RH 
to including apt-get within FC.  That resistance is weakening though. 
Resistance is futile. <evil grin>

There used to be seemingly good arguments against apt... like the use of 
--nodeps (which truly was not a problem).  But now the latest apt uses 
native rpmlib, so that argument is gone.  There are also benefits like 
this (quoting Panu Matilainen):
>> I have experienced yum being EXTREMELY SLOW compared to apt when 
>> calculating a huge amount of dependencies, for example.
> 
> Indeed. Just calculating the dependencies of RH 9 -> FC 1 upgrade (no
>  actual upgrade done, all headers, pkglists etc local) on my PIII
> 500Mhz testbox takes apt: 10 seconds yum: ~50 *minutes*

http://linux.duke.edu/projects/metadata/readme.metadata
Fortunately though rpm-metadata is in the process of standardizing, and 
that will further reduce resistance to including apt since the same 
mirrors will work for apt, yum, or up2date.  The question now is if apt 
and the other clients will have it fully implemented in time for FC2 
inclusion.  HELP THEM!!!


ESR wrote:
> Things I don't care about:
> 
> * what the repository is called
> * who runs it
> * whether it takes RPMs I build or builds its own from metadata and
> tarballs that I drop there.
> 

This is good.

> Things I do care about:
> 
> * It must be generally accepted as authoritative for people running Fedora.

It is already clearly understood that fedora.us will become Fedora 
Extras at some point.

> * It must not require me to do hand-work for each release (that means 
>   it can't have an unscriptable web-only interface) 
> 
> You have to solve this problem sometime, because there are about 500,000
> developers out there with similar needs.  I'm willing to build client
> tools like the fedora-submit and bugzilla-submit scripts I've already
> done to assist the effort.
> 

My greatest concern here is that I question the efficacy of any such 
client.  I can see how a XML-RPC client can used a template based 
approach in submitting new packages within a new Bugzilla report, or 
submitting a package update to an existing Bugzilla report, but 
otherwise I don't see it being very useful.

https://bugzilla.fedora.us/show_bug.cgi?id=520
Something like how I started this Bugzilla report is one way packages 
are submitted.  Only the URL to SRPM, URL to md5sums.asc, and a short 
description about what the package does.  A tool that can do this 
reliably would save maybe 30-45 seconds.  It would easy to use that same 
tool to post updates to that package in the existing report too.  Beyond 
this what would the tool do that is useful?

In the future fedora.redhat.com will allow CVS access with ACL's for 
certain developers to apply updates directly to CVS for both tracking 
and build source purposes.  My current proposal is to do both this and 
one report per package publication for tracking the discussion necessary 
to bring each package to publication status.  The procedure for 
submission, testing, approval and publication would be similar to what 
fedora.us is currently doing, except much more automated, with a few 
approval steps by managers along the way.

Currently FC is not using any Bugzilla tracking for each 
updates-testing, and this is a bit disconcerting for the community 
developers and users alike.  This direction that we are heading will 
hopefully improve this situation.

Warren

More information about the fedora-devel-list mailing list