question for board members

Fri May 7 16:06:12 UTC 2010

On Fri, 7 May 2010 09:47:28 -0500, Matt wrote:

> I don't see the "package review metrics" as focusing on quantity over
> quality.  I see it as a way to reward, albeit merely with a "thanks
> for stepping up", for people who review packages.  It's an otherwise
> thankless task, and we have a backlog of package review requests, so
> clearly someone is using those packages (if only we could have a legal
> way to get a feel for how many).  

The issue here is that the reviewer only contributes reviews to
meet dubious requirements:  1) the ranking of who did the most reviews
in the past week(s),  2) the growing queue of review requests which
is considered a problem by some people,  3) the new packager who has not
been approved yet and might complain loudly,  4) the packager sponsor
who is expected to sponsor new packagers (who in the end might not
contribute what Red Hat… uhm… Fedora leadership is hoping for).

> Sure, it's possible that some
> reviewers might push through with a poor review just to bump their
> review stats, but I'd be surprised if that's a big problem.

They might push through with a _good_ review, and repeat that for dozens of
similar packages (e.g. Perl/Python/Ruby modules), ... and still it isn't
measured whether there is interest in those packages. It may also be that
the packager doesn't maintain the initial quality of the approved package,
because the reviewer won't return to review updates and version upgrades.

Preferably, the review queue would be processed by people, who use the
stuff actually and care enough to either sign up as co-maintainers or as
dedicated test-users to build community package maintenance teams for each
and every package.  Instead, we have packagers who own two dozen packages
each (some own a hundred), only to orphan them after a year or so, because
it became boring to update them and because no community developed around
them.

> When we had ~100 packagers, and ~3000 packages, if something broke,
> one of the 100 would either fix it themselves or quickly find the
> owner and get it fixed quickly. Those 100 kept up their quality due to
> the BPB ("brown paper bag").  We're over 2400 packagers now, and
> quickly approaching 10k packages (so quite an increase in scale), and
> there's also less "shame" if a packager or package breaks something -
> "the automated tools should have caught it".  Only they don't.

Is it "less shame" due to the number of packagers? Or is it "less shame"
because the package collection contains a larger number of less popular
packages, which don't have a big impact if they break? I think it's the
latter. The Fedora package collection contains software, which simply
isn't used anywhere by Fedora users, and which sometimes doesn't even
install or work at all, because not even the package owner uses the
software on all dist releases.

> [...] get the quality reputation back where it's historically been.

The "development period" is where to work towards that. Fedora suffers
more from Gold releases not being ready -- and being in need of a series
of bug-fix updates -- than from ordinary maintenance updates making it worse.