[Fedora-packaging] How Fedora is updated/built?

Toshio Kuratomi a.badger at gmail.com
Tue Aug 4 02:54:04 UTC 2009 

Note: This is probably more of a fedora-devel-list topic.  No way for
you to know that, just looking in from the outside, though :-)

On 08/01/2009 09:41 AM, Cristian Morales Vega wrote:
> Hi,
> 
> I'm not a Fedora user, but looking at the repositories I saw that you
> update things like KDE in a regular basis. That's uncommon, distros as
> Ubuntu, Mandriva or openSUSE just release security updates and fixes
> for really important bugs (frightened about the possibility of
> upstream breaking ABI compatibility by error). At the same time I saw
> some packages not updated... so, which exactly is the Fedora updates
> policy?

This is up to maintainer discretion.  In some cases individual SIGs
(Special Interest Groups) manage a specific set of dependent packages.
(KDE is largely this way).

> What I'm most interested in is knowing if a package built against a
> base (not updated) Fedora install is guaranteed to work with an
> updated Fedora system.

No.  It's generally frowned upon to make incompatible updates but it's
not unheard of.  Many maintainers prefer to go to the latest version
rather than backporting security fixes which can break compatibility
(mozilla/xulrunner/firefox is this way, for instance).

> And, when you release an update to the latest
> version of Amarok, is it built against the original distro/KDE or the
> updated one?

The updated one.

> If you release an update from KDE 4.2.2 to 4.2.3, a new
> Amarok package is also released (without changes, only rebuilt against
> the new KDE)?
> 
If the libraries are supposed to be compatible and there is not a new
Amarok package we won't recompile Amarok.

> One cause I ask is because the openSUSE Build Service builds
> everything against the original, not updated, Fedora. Is this a
> problem?
> 
Yes.  Depending on what libraries your package depends on, you could end
up with a package that does not work on an updated Fedora.

Within Fedora we have three repositories for any given release.  The
actual release repo has the packages that were available at the time of
release with whatever QA and other testing that we did at that point.
The official livecd's, install cds, spins, etc are composed from this
tree.  Then we have an update repo and an updates-testing repo.  Updated
packages and new packages generally go to updates-testing and then are
pushed to updates after a few weeks.

If you're building a third party package it would make the most sense
from a Fedora user's point of view to act like you're part of the normal
Fedora update stream -- thus your package should build against and run
with the package set that's in the updates repository.  However, it's
harder for you to coordinate this than a package within Fedora as Fedora
package maintainers can be proactive about checking which packages
depend on theirs whenever they issue an incompatible update -- they
can't be proactive about checking which third party packages their
update will break.

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20090803/d46345c9/attachment.sig>

More information about the Fedora-packaging mailing list