Broken deps in the stable release are not acceptable

Christoph Wickert christoph.wickert at nurfuerspam.de
Sat Dec 29 00:55:08 UTC 2007 

Am Freitag, den 28.12.2007, 15:25 -0400 schrieb Xavier Lamien:
> 
> 
> 2007/12/28, Christoph Wickert <christoph.wickert at nurfuerspam.de>:
>         Raleigh, we have a problem...
>         
>         python-gammu, which is required by wammu, prevents users from
>         updating
>         to the latest gammu release for several days now. It has
>         already been
>         reported in Bugzilla, see
>         https://bugzilla.redhat.com/show_bug.cgi?id=426848 and - even
>         more
>         interesting -
>         https://bugzilla.redhat.com/show_bug.cgi?id=425831
> 
> 
> I fallen on an broken deps on kernel-xen-devel during the update of my
> F-8 release, why don't talk about too ?

Because I never was affected by this one and did not even hear of it
before. IMHO a devel package is not that important as an application.
Most users could simply remove the package without loosing
functionality, this is different with wammu.
BTW: Are you talking about an upgrade from F7 to F8 or about an update
during the release?

> Its not the first time we have this kind of trouble.

Yes, and this is the reason why I wrote my mail. We NEED to look for
ways that this CANNOT happen, because it really is a showstopper that
frightens people to use Fedora. At least I have heard people complaining
about this over and over again, for example at fedoraforum.de

> 
> I Agree this should not happen but, ask first why there is a broken
> deps on some packages and why this happen.

I guess most of the time it happens because of a lack of communication
and coordination. But if all packages are owned by the same person this
reason IMO is not valid.
> 
>         This leads me to some questions:
>         
>              1. Why is # 425831 still in status "New"? It has been
>         reported on Dec 16th and the maintainer already responded to
>         it.
>              2. What's so difficult to coordinate 2 (3 with wammu)
>         dependent packages? All are owned by the same packager. IMO
>         this should be done in one single update in bodhi.
> 
> It's not difficult, it's not my first update of gammu
> collection/dependence package, and it's not the first time a upadte
> depended  release.

Then you should have known what happens... ;)
Once again: I'm not here to blame someone.
> 
>              3. Do we need better training  for our maintainers or
>         more 
>                 documentation in the wiki? The broken deps already
>         appeared in  EPEL before they were in F8, so the maintainer
>         should have known that he's breaking something when he did the
>         gammu update in Fedora.
> 
> I think we should set up and automate  or web_api to request repo tag
> for package we wanted to build against fresh released one
> to build other into koji/mock from repo

I agree that the current situation is not optimal for the packagers
because the required packages have to be added to buildroot manually by
rel-eng. But AFAIK we do have the possibility of chain-builds now.

> 
>              4. When was the testing done? gammu-1.17.0-1.fc8 was
>         built on Dec. 22 11:22:28 MST [1] and hit the updates repo on
>         Dec. 23 22:50:08 [2]. This is less than 36 hours for testing.
> 
> For that, we could make a bodhi policy. Cause no rules say all package
> Must go to testing-update before move to stable one.

You are right. I thought we already had policy for that but the wiki
says:
"If you feel that community testing is unnecessary for your update, you
can choose to push it straight to the stable fedora-updates repository
instead."

IMO this is wrong, it should only be allowed for security updates.

> 
>              5. Why has gammu been pushed directly to updates and not
>         to
>                 updates-testing? According to the changelog it was not
>         a 
>                 security update.
> 
> Why does only security update  should go to stable ?

Because problems like this case most likely would have been realized in
testing before they annoy a large number of users. Pushing updates
directly to stable renders updates-testing useless.

> 
>         Note that I don't want to blame a single person here. I think
>         this is just an example that we really NEED to think about how
>         to avoid such situations in the future? I know there are
>         people on vacation these days, but there are enough people
>         that offered help. Unfortunately they are not allowed to by
>         the ACLs.
> 
> I'm not here to blame anyone too but this thread should up many time
> ago. on differente pacakge that broken yum udpate in the past, not
> only this one.

Let's not talk about the past, let's talk about how to avoid this in the
future. There are several ways we could try to accomplish this: Some are
more strict policies, others are more technical, but most important I
think we should get rid of the "don't touch other peoples
packages"-attitude. If someone fixed that within one or two days I
wouldn't have written my previous mail.

Christoph
> 
>  
> 
>         Any thoughts?
>         Christoph
>         
>         [1] http://koji.fedoraproject.org/koji/buildinfo?buildID=28966
>         [2]
>         https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4743
>

More information about the fedora-devel-list mailing list