On Friday 09 January 2004 13:59, Michael Schwendt wrote:
> On Fri, 9 Jan 2004 20:05:06 +0200 (EET), Panu Matilainen wrote:
> > The amount of nitpicking trusted developers produce
> > (among themselves) is enough to scare off anybody starting in packaging
> > I'm willing to bet :)
>
> This must change, although often it is separated between suggestions and
> blocker criteria. But at the same time, new packagers should not come
> with slightly modified packages from e.g. Mandrake Cooker which bzip2 even
> the smallest patch, or generic packages which contain dozens of lines of
> conditional code which tries to adapt to a build environment.
>
> A fundamental problem is "packager mentality". If a packager has the
> impression that a QA person is the nitpicking bad guy who's nothing else
> than a PITA, then the whole concept of working together on a community
> maintained repository is doomed to fail. If on the other hand, the
> packager is at least a bit open for suggestions or established common
> practise, everything works better.

I agree about a change being needed.
Something that is unclear to me is the purpose of the QA. If it is to ensure
that the package is constructed properly, etc., then this makes sense. If it
is targeting the software being packaged then I am sceptical that this is
going to work. Yes, some effort by packagers and reviewers should be made to
address obvious security errors/problems. But expecting a packager (as
opposed to an upstream developer) to do everything is (IMHO) not going to
work. While source code audits can be useful, they are also very expensive
and require highly skilled (and scarce) people to do them or the result is
meaningless.
I also like the categorizing approach that Alex does for ATrpms. If there is
some expectation of having people actually test and QA some new packages,
then there should be a place to put new packages ... reading bugzilla reports
to find out about new packages just does not cut it.
I am hopeful that the Red Hat folks will speak on the Fedora Extras subject
soon (their lack of comment is very noticeable). Some of this discussion
leads me to believe that the QA expectations (for fedora.us and Fedora
Extras) exceed that for Fedora Core packages by Red Hat. Yes, I am sure
that some packages get a lot of scrutiny (the kernel, glibc, gcc, etc.) but a
lot do not (e.g., gftp).
--
Gene