[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: include much needed antivirus products in FC2



On Mon, 5 Jan 2004 13:06:47 -0600, Steven Pritchard wrote:

> On Mon, Jan 05, 2004 at 06:13:31PM +0100, Thomas M Steenholdt wrote:
> > Also, until the "extras" goes "live" for real, I (perhaps out of
> > ignorance) don't feel that confident (please comment on this) with the
> > fedora.us packages as the download.fedora.com ones?!?
> 
> Given how much of a pain in the ass it is to get a package accepted
> into the fedora.us repository, [...]

Is it considered a "pain"? I mean, some submitted packages don't even
build at all, or they fail to install in the %install section. After a few
comments or questions from a reviewer, sometimes it takes several weeks
before the packager submits a heavily revised package where not even a
single line in the spec file has not been touched and where many changes
are not documented in the changelog. It's a pain for a reviewer to stay
up-to-date with such package development. Heavy changes in indendation on
a minor upgrade decrease the readability of package diffs. Or a submitted
spec file is bloated with conditional instructions or commented parts to
make it work on distributions other than Red Hat Linux or Fedora Core.

What some people fail to realize is that an open package submission and
approval process [such as the one at fedora.us] is an interactive process
and requires a good bit of communication. Unless a submitted package is
completely free of flaws. And some packagers -- also new ones --
demonstrate that a package can pass the QA system quickly. QA resources
(more common "package reviewers") add comments and make suggestions which
can be discussed. Reviewers should not be seen as pedantic people who
block a package from being published, but who help trying to bring a
package into shape so that [currently] the build team doesn't waste any
time on failed build attempts and that package upgrade approvals will be
easier and faster.

> [...] I think you can safely assume that the
> packages that are there are good.  

"Good" is rather vague. An approved and published package which works for
the packager and at least one reviewer may have issues for someone who
installs a package and expects a completely preconfigured ready-to-run
piece of software which doesn't need any manual configuration steps.

> (Or at least have been beaten to
> death by an appropriate number of knowledgeable people.  ;)

Or the opposite, not enough knowledgeable people, and as a result,
a package request stays in the queue for a very long time.
 
-- 

Attachment: pgp00016.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]