RFC: Package Review VCS

Mon Nov 19 22:17:36 UTC 2007

Below is just an idea.  Please add your suggestions to refine this idea.

Proposal: Package Review VCS
============================
* /cvs/pkgreview has the same structure as /cvs/pkgs.   "make build" 
does koji build --scratch --background.  If the submitter isn't a Fedora 
packager yet, then the reviewer can import and build on their behalf 
after doing some basic sanity checks like:
    - does the package build locally?
    - does the package contain trojans?

* Faster and easier collaboration on new packages is enabled, meaning 
lower turnaround time during the review process.  After the initial 
.src.rpm URL, subsequent reviews can instead be done from a VCS 
checkout.  If the package contributor is already a packager, then a 
package review may begin directly from VCS.

* Changes that happen during the review process are tracked and not 
lost.  When the package review is approved, the CVS history is copied 
into /cvs/pkgs.

* We could control VCS write access to /pkgs/pkgreview with a different 
FAS group that is easy to obtain.  (i.e. any existing Fedora Packager 
can approve your access to pkgreviewrepo).  This allows new contributors 
to easily collaborate and add reviewer suggested changes.  The reviewer 
can then more conveniently review the changes and start another scratch 
build on behalf of the submitter.

* This allows a sort of "Level 0 Packager" entry-level access, where we 
provide a safe and easy way for new contributors to be eased onboard 
with a simpler subset of tools to work with.

Example Workflow
================
1) New contributor submits package review.
2)
	a) Reviewer takes review, imports .src.rpm into CVS, starts scratch build.
	b) Reviewer makes suggestions to improve the package.
	c) Reviewer grants pkgreviewrepo permission to contributor.
3) Contributor commits suggested changes to /cvs/pkgsreview, asks 
reviewer to check it again in the review ticket.
4) After review is approved and contributor is sponsored:
	a) Contributor requests fedora-cvs.
	b) CVS admin: Set pkgdb and koji bits.
	c) CVS admin: Copy history from /cvs/reviewpkg to /cvs/pkgs.
	d) CVS admin: Copy appropriate files in lookaside cache.

Other Minor Notes
=================
1) /cvs/pkgreview has its own separate lookaside binary cache, in order 
to reduce the amount of garbage that lives forever in the actual cache. 
  Appropriate files are copied over to /cvs/pkgs's cache when the 
package is approved.
2) /cvs/pkgreview allows global commit access to anybody in the 
pkgreviewrepo or packager groups.
3) pkgreviewrepo may allow a new contributor to commit, but we currently 
cannot allow this to build due to resource constraints and security 
concerns.  We may allow builds at a later date when we get more 
dedicated resources for review/scratch builders, isolated from our main 
builders.
4) Perhaps later we should consider an unofficial pkgreview yum repo. 
The reason for this, is to allow building a review package against 
another package also currently under review.  This would probably depend 
on resources/isolation needed for #3.

Thoughts?

Warren Togami
wtogami at redhat.com