Michael's FUD (Was: Fragen zu Synaptic)

Michael Schwendt fedora at wir-sind-cool.org
Tue Jun 15 14:47:25 UTC 2004 

On Tue, 15 Jun 2004 04:05:15 +0200 (CEST), Dag Wieers wrote:

> > I do not "judge them as bad". I see flaws in the development model (e.g.
> > a single individual doesn't scale). And in particular, in the third
> > paragraph in the message you've linked, I make clear that I don't condemn
> > 3rd party packages wholesale.
> 
> Well, the problem is that what you start from is wrong. These no longer 
> are individual projects and to some degree never were.

Don't try to change history. ;)

> I'm not doing the QA myself. 
> You may have noticed that I include packages made by 4 different people, 
> as I mentioned before and as was cleverly cut away in your reply, I only 
> have to look at all the changes made by others, build the packages and 
> sign them.

These are [quite] recent changes due to the "repo merge", where you
exchange rpms with eachother and define an "authoritative packager". So
e.g. you include a package from Matthias Saou in your repository and he
includes one of yours in his repository. It's a first step towards
distributing load (although you still rebuild the packages).

Where does such package development take place? Where is the lifetime of a
contributed new package documented other than in the post-release spec
changelog? Is it done via private communication? Or is it possible for
observers to monitor such package development prior to release?

> In the same sense your point is that Linus doesn't scale either.

Exactly. Hence in the past he has had specific requirements on how to
submit incremental patches. If he were the only one forever to review and
approve the changes applied to the kernel by hundreds of _untrusted_
contributors, that would be beyond his time.

> > > > A single individual packaging hundreds of
> > > > packages and releasing new packages (upgrades of packages in Fedora Core
> > > > even!) without an open QA/Testing process.
> > > 
> > > *You* do not have to use a repository if it replaces or upgrades
> > > packages from Fedora Core.
> > 
> > Still I'm free to advocate repositories which do not fork Fedora Core
> > development and hence protect newbies from running into trouble.
> 
> "Fork Fedora Core development" ? 
> "Protect newbies from running into trouble" ?
> 
> In the previous paragrph you stated you don't judge these 3rd repositories 
> as bad. (scroll up)
>
> QED

It's getting close to splitting hairs. If every kind of criticism is
considered as judging something as "bad", so be it. Once more, I don't
condemn 3rd party packages and 3rd party repositories wholesale, but I
criticize general development models, non-open procedures, in particular
that the bugzilla tracker is not advertized and bug reports are accepted
via private mail.

Let me see what you tried to prove above as I don't know what "these 3rd
repositories" refer to (sometimes you refer to yours, sometimes to
others). I see, you agree that updating Fedora Core with unofficial [3rd
party] packages bears a risk. And in your opinion, risks are not just
dangerous but inherently "bad". Or do the repositories you refer to cause
trouble actually? If so, that is bad indeed, because trouble _is_ bad and
should be avoided (unless users are warned).

In general, unofficial Fedora Core updates can also be beneficial,
e.g. for a repository which fits into the "Fedora Alternatives"
classification. Or provided that bug-fix updates are reasonable and
well-tested. Preferably however, official bug-fix updates for Fedora Core
are prepared and tested, in particular if any extra packages need them.

Generally, I see risks in upgrading packages in Fedora Core with
unofficial packages. Similarly, I see risks in mixing repositories which
upgrade eachother and don't adhere to the same packaging
guidelines. Especially inexperienced users should avoid risks, as risks
can be dangerous. I've seen users of 3rd party repositories, who upgraded
Fedora Core packages and literally moved from leading edge towards
bleeding edge, have various problems. That does not imply that those 3rd
party repos are "bad". They may work for other users.  It's not me who
defines the target group of a repository. It's the users who choose
themselves. *If* they choose themselves instead of asking for
recommendations. If they ask for advise, I recommend the road of least
surprise and the open development model.

Don't put words into my mouth. Don't pick up rumours or believe any
malicious gossip in private mails.

More information about the fedora-list mailing list