Summary/Minutes from today's FPC Meeting (2015-02-12 17:00 - 19:15 UTC)
by James Antill
======================
#fedora-meeting-2: fpc
======================
Meeting started by geppetto at 17:05:02 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting-2/2015-02-12/fpc.2015-02-...
.
Meeting summary
---------------
* Roll Call (geppetto, 17:05:21)
* #126 bundling exception for scintilla (geppetto, 17:07:14)
* LINK: https://fedorahosted.org/fpc/ticket/126 (geppetto, 17:07:18)
* LINK: http://mmaslano.fedorapeople.org/review/perl-Wx-Scintilla.spec
-> 404 (orionp, 17:19:23)
* ACTION: tibbs try to find what's bundling scintilla, and try to do a
rundown of what would need an exception. (geppetto, 17:19:26)
* #202 Application for exemption from "No bundling" rule: Gargoyle
(geppetto, 17:19:54)
* LINK: https://fedorahosted.org/fpc/ticket/202 (geppetto, 17:19:59)
* ACTION: Still no, close and reopen if someone wants to start afresh
(geppetto, 17:26:45)
* #221 Bundling exception request: numptyphysics and Box2D (geppetto,
17:26:55)
* LINK: https://fedorahosted.org/fpc/ticket/221 (geppetto, 17:26:59)
* ACTION: postpone until limburgher is at the meeting. (geppetto,
17:28:09)
* #235 exception for bundling a library into uif2iso package
(geppetto, 17:28:19)
* LINK: https://fedorahosted.org/fpc/ticket/235 (geppetto, 17:28:23)
* ACTION: Just close this out, open a new ticket if someone wants to
start afresh (geppetto, 17:32:26)
* #338 %doc and %_pkgdocdir duplicate files and cause conflicts
(geppetto, 17:32:45)
* LINK: https://fedorahosted.org/fpc/ticket/338 (geppetto, 17:32:49)
* ACTION: tibbs Restate the proposal as a policy change, so we can
vote on it (geppetto, 17:38:36)
* #346 Bundling exception request for Eclipse Sisu (geppetto,
17:38:56)
* LINK: https://fedorahosted.org/fpc/ticket/346 (geppetto, 17:39:02)
* ACTION: No bundling, do the automatic re-namespacing in sub-package
fix. (geppetto, 17:42:00)
* #381 Bundling exception for python-matplotlib fonts (geppetto,
17:42:11)
* LINK: https://fedorahosted.org/fpc/ticket/381 (geppetto, 17:42:17)
* ACTION: Everything going as planned, excellent. Can close.
(geppetto, 17:47:01)
* #399 request for bundled library exception - clustal omega
(geppetto, 17:47:11)
* LINK: https://fedorahosted.org/fpc/ticket/399 (geppetto, 17:47:16)
* ACTION: request for bundled library exception - clustal omega (+1:5,
0:1, -1:0) (geppetto, 18:02:06)
* #401 (reverse) bundling exception for stream-lib (geppetto,
18:02:25)
* LINK: https://fedorahosted.org/fpc/ticket/401 (geppetto, 18:02:30)
* ACTION: bundling/forking of cassandra bloom filters for stream-lib
(+1:5, 0:1, -1:1) (geppetto, 18:13:24)
* #426 Need policy and macros for binfmt.d file handling (geppetto,
18:13:35)
* LINK: https://fedorahosted.org/fpc/ticket/426 (geppetto, 18:13:40)
* ACTION: Seems to be obsolete by the new wording we have for
binfmt_apply. (geppetto, 18:29:49)
* #435 %py3dir not removed by rpmbuild --clean (geppetto, 18:29:59)
* LINK: https://fedorahosted.org/fpc/ticket/435 (geppetto, 18:30:04)
* ACTION: Rathann Will prepare a draft we can vote on for next week
(geppetto, 18:37:48)
* Open Floor (geppetto, 18:38:00)
* ACTION: Everyone should try to respond with some of their thoughts
on the ring packages thread. (geppetto, 19:11:31)
Meeting ended at 19:18:00 UTC.
Action Items
------------
* tibbs try to find what's bundling scintilla, and try to do a rundown
of what would need an exception.
* Still no, close and reopen if someone wants to start afresh
* postpone until limburgher is at the meeting.
* Just close this out, open a new ticket if someone wants to start
afresh
* tibbs Restate the proposal as a policy change, so we can vote on it
* No bundling, do the automatic re-namespacing in sub-package fix.
* Everything going as planned, excellent. Can close.
* request for bundled library exception - clustal omega (+1:5, 0:1,
-1:0)
* bundling/forking of cassandra bloom filters for stream-lib (+1:5, 0:1,
-1:1)
* Seems to be obsolete by the new wording we have for binfmt_apply.
* Rathann Will prepare a draft we can vote on for next week
* Everyone should try to respond with some of their thoughts on the ring
packages thread.
Action Items, by person
-----------------------
* Rathann
* Rathann Will prepare a draft we can vote on for next week
* **UNASSIGNED**
* tibbs try to find what's bundling scintilla, and try to do a rundown
of what would need an exception.
* Still no, close and reopen if someone wants to start afresh
* postpone until limburgher is at the meeting.
* Just close this out, open a new ticket if someone wants to start
afresh
* tibbs Restate the proposal as a policy change, so we can vote on it
* No bundling, do the automatic re-namespacing in sub-package fix.
* Everything going as planned, excellent. Can close.
* request for bundled library exception - clustal omega (+1:5, 0:1,
-1:0)
* bundling/forking of cassandra bloom filters for stream-lib (+1:5,
0:1, -1:1)
* Seems to be obsolete by the new wording we have for binfmt_apply.
* Everyone should try to respond with some of their thoughts on the
ring packages thread.
People Present (lines said)
---------------------------
* geppetto (156)
* tibbs|w (133)
* sgallagh (40)
* Rathann (39)
* tomspur (26)
* mbooth (20)
* zodbot (10)
* racor (6)
* orionp (3)
* willb (2)
Generated by `MeetBot`_ 0.1.4
.. _`MeetBot`: http://wiki.debian.org/MeetBot
8 years, 9 months
[Proposal] Ring-based Packaging Policies
by Stephen Gallagher
(Logistical note: please keep all replies to this thread on
devel(a)lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time ago, we started talking about dividing up the Fedora
package set into a series of "rings". One of the driving purposes behind
this idea was to re-evaluate our policies for packaging in each of these
rings. A fair amount of time has passed and no formal discussions have
taken place (that I have seen, at any rate), so I'm going to provide
here a simple "starter" proposal that we can work from and see where it
leads.
To begin, I'll try to identify some of the major advantages and
disadvantages in our current policies. (In no particular order...)
=== Advantages ===
* Consistency: every shared library, language-specific module and
application should have packaging consistent with others in its
category. This makes it easier for comaintainers and provenpackagers to
pick it up and work on it.
* The no-bundled-libraries policy means that when a library module
requires an update, it means that only one package needs to be modified
in order to enhance all applications on the system that consumes it.
This is a significant time-saver when it comes to dealing with
(increasingly common) security vulnerabilities.
* Package review "front-loads" the task of educating the packagers. It
guarantees that packages enter the collection by meeting a very high
standard. This does a great deal to accomplish the "consistency"
mentioned above.
* Legal review and the FPCA ensures that Fedora remains true to its
"Freedom" Foundation (as well as protecting Fedora contributors from the
perils of the international legal system).
=== Disadvantages ===
* Very strict policies often leads to potential packagers giving up.
* Package reviews for less-interesting packages (such as those for less
popular SIGs) often remain un-reviewed for weeks, months or even years.
* The package policies are only ever reviewed during the initial
creation of the package. Once that initial (high) hurdle is cleared, the
packager essentially has free reign to do whatever they want with their
package. This sometimes means that as time passes, the spec files
"bit-rot" or otherwise start accumulating other inconsistencies. (A
common example is the package whose upstream starts bundling a library
without the packager noticing).
* Many upstream projects do not concern themselves with being "in" any
particular distribution (with the notable example being the
Debian/Ubuntu flavors which have amassed a sufficient apparent userbase
that they sometimes get special treatment). For a variety of reasons,
this often leads directly to bundling the vast majority of their
dependencies. This is done for many reasons, but the two most common are
supportability and portability; it's impossible for many upstreams to
actually QA their package with every possible distro library. Instead,
if they ship everything they depend on, they can guarantee *that*
specific combination. This moves the responsibility from the
distribution to the upstream package to maintain their bundled
libraries.
* With many languages, there is no possibility of installing multiple
versions of the same library on the same system, so if an application
requires a newer or older version of the library than is in Fedora to
run, it fails. For those languages that *do* allow this, it still adds a
significant maintenance burden on the packagers to keep multiple
versions of the same package up-to-date (which gets particularly hard
when upstream abandons a version that something else in Fedora depends
on...)
== Analysis ==
First, I will make an assumption based on the "First" Foundation: We as
the Fedora Project want people to have access to the software that they
desire. We may disagree on how that is to be achieved, but I believe the
goal is the same.
Second, I will call attention to the fact that different Fedora users
have very different needs from the software. For example, those running
Fedora Server and Fedora Cloud are likely far more concerned with Fedora
as a *deployment* platform than they are as a *development* platform.
Folks running Fedora Workstation or the KDE spin are likely to be
somewhat more interested in the development side of things (though not
exclusively).
Packaging software for development and packaging it for real-world
deployment can be very different. I'm not going to attempt to identify
all the ways that this can be the case in this email. Others have done
so with great verbosity in the past and I will not attempt to re-hash
them.
Thirdly, I will note (again) that many upstream projects have moved away
from a distro-centric model. This is in part because unlike in the past,
there are a great many distributions out there now, all with individual
packaging requirements to be inside those distros. Taken in concert with
the behaviors of many of the language repositories (like Python, Ruby
and Node.js), it is simply *easier* and *faster* to just have your
package carry whatever it needs with it.
As I also mentioned above, the inflexibility of Fedora in carrying
multiple versions of the same packages means that in many cases, we are
*incapable* of providing a popular or interesting package in our repos.
This also serves to drive potential users to other distributions.
== Proposal ==
With these things in mind, I'd like to propose that we amend the
packaging policy by splitting it into two forms:
=== Core Packages ===
Any package that is provided on a release-blocking medium (which at
present includes Fedora Atomic, Fedora Cloud, Fedora Server, Fedora
Workstation, the KDE Spin and several ARM images) must comply exactly
with the packaging guidelines as they are written today. These packages
must receive a full package review *when they are added to the install
media*. Any package present on the media if this proposal is adopted is
exempted from this requirement. Any package to newly appear on the
install media after this time *should* (I hate that word...) receive a
new package review, even if it is already present in Fedora.
=== Ring Packages ===
Any new package that is *not* going to be part of the install media set
is required to pass a lighter review and is permitted to carry bundled
libraries, with caveats to be listed below.
==== Ring Package Review Requirements ====
* A reviewer *MUST* establish suitability for the Fedora Project. This
means verifying that the package contains only permissible content
(legally-speaking).
* The package *MUST* conform to the FHS and other filesystem conventions
used by Fedora (such as %{python3_sitelib}), except when granted an
exception by the FPC.
* The package *MAY* contain bundled libraries or other projects, but if
it does so, it *MUST* contain a "Provides: bundled(pkg) = version" for
each such bundling. This is done so that we can use the meta-data to
identify which packages may be vulnerable in the event of a security
issue.
== Conclusion ==
So that is my proposal to consider for Fedora 23+ (it's too late in the
Fedora 22 cycle to consider this, but I'd prefer starting the F23
discussion right away). Comments and suggestions are strongly
encouraged.
Thank you for reading to the end.
8 years, 9 months
Summary/Minutes from today's FPC Meeting (2015-02-05 17:00 - 18:25 UTC)
by James Antill
======================
#fedora-meeting-1: fpc
======================
Meeting started by geppetto at 17:02:54 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting-1/2015-02-05/fpc.2015-02-...
.
Meeting summary
---------------
* Roll Call (geppetto, 17:02:54)
* #494 Python3 __pycache__ directory (geppetto, 17:06:03)
* LINK: https://fedorahosted.org/fpc/ticket/494 (geppetto, 17:06:09)
* LINK:
https://fedoraproject.org/wiki/User:Tibbs/PycacheDraft#Byte_compiling
(tibbs|w, 17:07:15)
* LINK:
https://fedoraproject.org/w/index.php?title=User%3ATibbs%
2FPycacheDraft&diff=402243&oldid=402019
(tibbs|w, 17:07:20)
* LINK:
https://fedoraproject.org/w/index.php?title=User%3ATibbs%
2FPycacheDraft&diff=402245&oldid=402019
(tomspur, 17:10:08)
* LINK:
https://fedoraproject.org/w/index.php?title=User%3ATibbs%
2FPycacheDraft&diff=402245&oldid=402243
(geppetto, 17:11:26)
* ACTION: Policy for py3k __pycache__ dir. by tibbs with edits by
tomspur/orionp (+1:6, 0:0, -1:0) (geppetto, 17:17:49)
* #497 Clean up BuildRequires section; don't try to define the minimal
build env (geppetto, 17:23:12)
* LINK: https://fedorahosted.org/fpc/ticket/497 (geppetto, 17:23:14)
* ACTION: Nuke rpmdev-rmdevelrpms section (+1:5, 0:0, -1:0)
(geppetto, 17:31:43)
* #498 Seeking guidance: Apps using default Python in Fedora vs. EPEL
(geppetto, 17:32:04)
* LINK: https://fedorahosted.org/fpc/ticket/498 (geppetto, 17:32:08)
* LINK: https://fedorahosted.org/fpc/ticket/327#comment:9
(abadger1999, 18:07:01)
* ACTION: tomspur Tweak wording of comment 5 for vote next week.
(geppetto, 18:14:57)
* Open Floor (geppetto, 18:18:16)
Meeting ended at 18:25:55 UTC.
Action Items
------------
* Policy for py3k __pycache__ dir. by tibbs with edits by tomspur/orionp
(+1:6, 0:0, -1:0)
* Nuke rpmdev-rmdevelrpms section (+1:5, 0:0, -1:0)
* tomspur Tweak wording of comment 5 for vote next week.
Action Items, by person
-----------------------
* orionp
* Policy for py3k __pycache__ dir. by tibbs with edits by
tomspur/orionp (+1:6, 0:0, -1:0)
* tomspur
* Policy for py3k __pycache__ dir. by tibbs with edits by
tomspur/orionp (+1:6, 0:0, -1:0)
* tomspur Tweak wording of comment 5 for vote next week.
* **UNASSIGNED**
* Nuke rpmdev-rmdevelrpms section (+1:5, 0:0, -1:0)
People Present (lines said)
---------------------------
* geppetto (128)
* tibbs|w (101)
* abadger1999 (56)
* tomspur (29)
* zodbot (9)
* orionp (7)
* mbooth (6)
* SmootherFrOgZ (3)
* racor (2)
* gholms (1)
Generated by `MeetBot`_ 0.1.4
.. _`MeetBot`: http://wiki.debian.org/MeetBot
8 years, 10 months
Should release number (DistTag) agree between branches ?
by Brad Bell
I have the case where the master (rawhide) has the following verison and
release
Version: 20150000.4
Release: 2%{?dist}
The other branches have not had any builds with this version of the
upstream source.
It it correct to just merge the master into origin/f21 and then push as
http://fedoraproject.org/wiki/Package_maintenance_guide
might be suggesting ?
Perhaps I should change the release to
Release: 1%{?dist}
and the log from
* Sun Feb 01 2015 Brad Bell <bradbell at seanet dot com> - 20150000.4-2
to
* Sun Feb 01 2015 Brad Bell <bradbell at seanet dot com> - 20150000.4-1
8 years, 10 months
Re: [Fedora-packaging] nodejs-ws - should I change it to a noarch
by Stephen Gallagher
(Sorry for top-post)
I'm forwarding this to the packaging list for input on the
arch-to-noarch question.
On Tue, 2015-02-03 at 10:42 -0600, Troy Dawson wrote:
> Hi All,
> I was going through, updating my nodejs package for rawhide (f22) when I
> found the nodejs-ws went from binary to pure javascript with version 0.7.1.
>
> So, my question is this. Do I continue to leave it as an arch, so I
> don't break thing, so should I go to noarch.
>
> Switching from an arch to a noarch has bitten me in the past when people
> do updates. I don't know if that is still the case.
>
> What are people's thoughts. Should I switch it to a noarch?
> I'm not planning on backporting this to older distributions if that
> matters in the decision.
>
> Thanks
> Troy Dawson
>
> p.s. Side note - This update also requires nodejs-ultron, if anyone
> wants to do a review request.
> https://bugzilla.redhat.com/show_bug.cgi?id=1188763
>
> p.p.s. If there is already a fedora page explaining arch to noarch
> policies, that would be great. Feel free to point me to it.
> _______________________________________________
> nodejs mailing list
> nodejs(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/nodejs
8 years, 10 months
