New Package Process (was: Re: Review Request: inadyn)

Ignacio Vazquez-Abrams ivazquez at ivazquez.net
Tue Apr 26 11:40:50 UTC 2005


On Tue, 2005-04-26 at 12:29 +0200, Michael Schwendt wrote:
> On Tue, 26 Apr 2005 04:28:16 -0400, Ignacio Vazquez-Abrams wrote:
> 
> > > Did you change your mind about the package?
> > > https://www.redhat.com/archives/fedora-extras-list/2005-April/msg00288.html
> > 
> > Sponsoring and Package Review are two separate processes, at least
> > according to the New Package Process in the wiki. Sponsoring is covered
> > under Section I, Package Review under Section III.
> > 
> > In my mind, Sponsoring covers minor cleanups that should be done before
> > a package can/should be done before bringing it into CVS, whereas
> > Package Review is meant to tighten up the package for production use.
> 
> You misunderstood my comment. Earlier on fedora-commits-list, you wrote:
> 
> > You never requested a review, so how can this possibly be approved?
> 
> Above link into the archives points to a message, where you replied
> to Jochen's request for review and even imported his src.rpm later.

Aha. I see lots of people asking for a "review" when they're looking for
a package sponsor, so I figured that this would be the same thing.

> What surprised me is that it doesn't become clear when or whether
> you would approve the package and what would be absolutely required
> before you [the sponsor] would approve it.

It doesn't say in the wiki that the sponsor and the reviewer have to be
the same person. If this should be so then it might be prudent to spell
it out.

> With regard to what you wrote above about the Wiki:
> 
> If that is what other contributors read into the NewPackageProcess Wiki
> page, too, we should change it and make it less ambiguous.
> 
> More proof that the current process is ambiguous, apparently, can be found
> in fedora-extras-commits archives, where packages in CVS have no sponsor
> yet.

Honestly, I have no clue how other contributors read it. Or even *if*
they read it, for that matter. I only see 4 links to it, one off the
main Extras page, one off the CVS FAQ page (which is blue-on-blue, btw),
and 2 red herrings. I don't think enough emphasis is placed on that
process, since as you mentioned some packages have slipped in
regardless.

> Obviously, _prior_ to sponsoring a new package and prior to importing it
> into CVS, a new package must be reviewed painstakingly and any issues be
> discussed with the packager. The important and relevant reviewing happens
> prior to CVS import. That way, new packagers, who don't have CVS access
> yet, can get packages included, too.
> 
> The sponsor, who takes over security relevant checks (e.g. verification of
> upstream locations, tarball origin, licencing), works with a packager on a
> first package version, so it can be imported into CVS, where more people
> see it and can comment on any oddities. Basically, that is the sponsor's
> approval already, but the actual APPROVED message is delayed, because
> after cvs import, other contributors might still have some to add or might
> even block a package.

Excellent. Very worth adding to the wiki, possibly as subsection Ia of
the New Package Process.

> Post-commit reviews, in particular those which only comment on diffs
> posted to fedora-extras-commits list, are no substitute for real reviews
> done by somebody. For instance, who does test-builds, examines package
> contents, and gives binaries a try at run-time prior to approval? The
> sponsor? Or just the packager? An approval means what?

All very good points. When I sponsor a package I make sure it at least
builds on i386 (because that's all I have atm) without barfing. The
actual binary sometimes doesn't get tested until I review it (although
if I like a package's idea I'll try it out early).

-- 
Ignacio Vazquez-Abrams <ivazquez at ivazquez.net>
http://fedora.ivazquez.net/

gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72