FESCo wants to ban direct stable pushes in Bodhi (urgent call for feedback)

Kevin Kofler kevin.kofler at chello.at
Tue Mar 2 10:55:22 UTC 2010 

Adam Jackson wrote:
> If it's ready on Tuesday afternoon, what makes you think anyone's going
> to have time to read it thoroughly enough to be able to vote on it?  Are
> you implying you're the only one on fesco that actually considers the
> proposal they're asked to vote on?

Considering that this proposed change was almost voted into law WITHOUT an 
actual proposal, is it really that unreasonable of me to think that?

>> Uh, why do we even allow triggers without explicit FESCo approval
>> (including notification to the maintainers of the packages being
>> triggered on)? They're much more dangerous than linking a static library
>> or bundling a library!
> 
> No disagreement here.  But that's sort of my point.  Packaging is
> subtle, and putting controls in place to minimize disruption for
> consumers is a broadly positive thing.  We should be monitoring for new
> scriptlets and reviewing suspicious ones.  We should also not skip
> updates-testing just because we think we're not going to break anything.

I think these 2 things have nothing to do with each other. Scrutinizing 
specfile changes which do very rarely needed and dangerous things specially 
makes sense, preventing critical bugfixes from reaching their users as 
quickly as possible doesn't.

> I mean, your argument here is "it doesn't matter how good our
> infrastructure for testing fixes is, it'll still not catch everything;
> therefore we should allow people to bypass it if they want".

No, that's not my argument. While your summary is quite close, it misses the 
important point.

My argument is actually: "It doesn't matter how good our infrastructure for 
testing fixes is, it'll still not catch everything. Therefore, some 
regressions make it into stable anyway, and we want them to get fixed (in 
the stable updates) as quickly as possible to minimize their impact on 
users. Therefore we should allow people to bypass updates-testing if they 
feel a need for it."

(And this just one of the reasons brought up for bypassing updates-testing.)

(And it's also not a matter of "wanting" to bypass testing, but a matter of 
feeling that doing so for a given particular update is really the right 
thing to do to provide the best possible service to our users!)

> By that argument, no prophylactic is 100% effective against diseases,
> therefore people should be free to not use them if they don't want to.

Therefore, this analogy is a strawman …

> You're positing A => B here.  A might be true.  B might be true.  They
> might both be true!  But it's not at all clear that A implies B.

… and this logical fallacy you're accusing me of committing is not in my 
argument at all.

> While I understand the temptation to rank package importance and
> fragility by position in the dependency tree, remember that leaf
> packages are why people use the OS in the first place.  No one runs
> Fedora just because they think coreutils is really neat.

But leaf packages aren't that likely to break from a small change. And X11 
breaking affects our users just as much as KDE or their favorite KDE 
application breaking.

        Kevin Kofler

More information about the devel mailing list