RPM submission procedure

Warren Togami warren at togami.com
Wed Jan 7 23:35:13 UTC 2004 

Eric S. Raymond wrote:
> 
> 
> These both seem like readily solvable problems to me. 
> 
> If you look at <http://dag.wieers.com/home-made/apt/mega-merge.php>,
> you'll see that this group describes itself as "The Red Hat/Fedora 
> authoritative packager list".  That sure sounds to me as though they
> would welcome official status if offered.


fedora.us is a collaborative project with about two dozen active 
packagers involved every day.  freshrpms/axel/dag/newrpms is comprised 
of several one-man operations that sometimes conflict and cause package 
clashes.  They have no published QA policy and only after-the-fact peer 
review and revisions.

http://www.fedora.us/wiki/RepositoryMixingProblems
Due to these reasons fedora.us has always said that we will not 
coordinate with external repositories.  We never have these package 
clashes, and our package quality is on the average better.  The drawback 
here is slower package review and publication.

Those other repositories are authoritative, within their own world.  You 
can choose to live in either their world, or our world.  Open Source 
means you have the freedom to choose.  I choose to live in the fedora.us 
world, and apparently so did Red Hat. [1]

> 
> (1) Software compromised for IP reasons must be exiled to livna.org
>     Repository keepers must agree to comply with a ban list compiled
>     by Red Hat.

It already seems to have happened.  It seems that rpm.livna.org is 
collaborative with a Bugzilla and QA procedure too.

> 
> (2) RPMs must meet Fedora QA standards.  Repository maintainers must
>     expect their submission, test and build procedures to be audited, 
>     and will be dropped from the list of authoritative repositories if 
>     they fail to meet standards.

We have fedora.us QA standards and nobody else has suggested a full 
proposal for an alternative, so currently fedora.us is on track for 
eventally become Fedora Extras around FC2 timeframe.

fedora.us is the only authoritative repository & project.

There is no authoritative list of repositories because fedora.redhat.com 
is designed so the user can choose to use any 3rd party repository.

> 
> I doubt you'd get any pushback on these requirements.  And the cost of 
> QA-monitoring these repositories would undoubtedly be lower than the
> cost of building and maintaining one big repository of your own.  You'd
> win fairly big on the download costs alone.

We respectfully disagree with this line of thinking.

Warren Togami
warren at togami.com

[1]
http://www.newsforge.com/software/03/10/01/1417208.shtml

More information about the devel mailing list