[ACTION REQUIRED] Retiring packages for F-17

Michael Schwendt mschwendt at gmail.com
Fri Jan 13 21:51:00 UTC 2012

On Fri, 13 Jan 2012 21:03:09 +0100, KK (Kevin) wrote:

> When we're in danger of losing so many packages, it's a sign that our 
> processes are broken:

That's a dubious conclusion.

> * The forced password and SSH key change caused us to lose many maintainers, 
> not all of whom would have become inactive if it hadn't been for such stupid 
> asinine and totally useless (since the keys were NOT compromised) "security" 
> bureaucracy being forced on them, wasting their time.

Are you trying to say the Fedora Project has made it much too easy for them
to leave and have their account disabled, too?

What doesn't work is that we're supposed to "sponsor" people, who dump
packages into the collection without really trying to take care of them
afterwards. With no other users of those packages joining the team that
tries to maintain the packages. With bug reports being ignored. With the
initial packagers abandoning the Fedora Project without prior warning.

> * The whole concept of packages being "owned", and by one person at that, is 
> broken.

No, it isn't. Even in the scenario of project-wide write-access to packages,
there must be someone to decide when to perform an upgrade. And someone 
dedicated, who would be reachable via bugzilla tickets. [Unfortunately,
the latter doesn't work well anymore.] And someone to monitor upstream,
or contribute upstream, and collaborate with upstream. [here insert stuff
that has been discussed before]

> Fedora as a whole should feel responsible for those packages, commit 
> access should be open to ALL packagers (not just provenpackagers) as in the 
> good old Extras, and there should be experienced packagers actually stepping 
> in to rebuild packages with broken dependencies, fix FTBFS issues etc. (I 
> used to do that, but I had to mostly give up because nobody else would help 
> (Alex Lancaster used to help fixing broken dependencies, but mostly doesn't 
> anymore) 

Well, that's not entirely true, because there are still provenpackagers,
who rebuild broken deps _if_ they are affected by them. I see no reason
why I should spend time on packages nobody else takes care of. The packages
need more treatment than rebuilds. There are open bug reports, too.

> and I don't have the time to do it all alone anymore.)

Which is proof that your entire proposal won't work either.

> Any package which is removed from Fedora is a package our users will no 
> longer be able to use. Removing a package should only be a last resort if it 
> cannot be made to work at all.

No. We need _more_ packagers, even if that means, many more _newbie
packagers_. If there is at least one user for package, at least one of
these users ought to contribute to the packaging.

Disclaimer last: It's likely I will read replies in this thread, but it's unlikely
I will engage in an endless discussion as much of this has been discussed before.

More information about the devel mailing list