New Package Process
Toshio Kuratomi
toshio at tiki-lounge.com
Wed Apr 27 12:20:23 UTC 2005
On Wed, Apr 27, 2005 at 12:17:53AM -1000, Warren Togami wrote:
> Michael Schwendt wrote:
> >>It does not really matter if CVS import happens before
> >>review and revisions or after, as long as an explicit approval is made
> >>before it is built.
> >
> >
> > Except, it doesn't make much sense to important something without review
> > only to find out that there are legal issues or it doesn't build due to
> > missing requirements (not included in Fedora Extras) or needs much work
> > packaging/run-time wise.
> >
>
> Good reasons. Then we will disallow this in the future. For everything
> else please clarify in the Wiki.
>
Not disagreeing but there needs to be some "Well-behavedness" guidelines so
we know what is expected of a package to be put into CVS.
Here's my start for a list:
* Follows naming guidelines
* No one raises any legal issues
* Passes security checks for upstream pristine sources
* Passes security checks in spec file build/install scripts
- Unfortunately this means someone does need to skim through the spec.
* Patches don't look malicious
- Unfortunately this means someone has to review the patches.
* Packager shows commitment to fix issues raised
We end up needing to do a pretty thorough review before package import --
just not blocking cvs import on all the things that are found....
Someone else have some better ideas?
-Toshio
More information about the fedora-extras-list
mailing list