fedora.us package requests (was: Re: OT - CAD question)

Michael Schwendt fedora at wir-sind-cool.org
Fri Sep 17 06:32:15 UTC 2004


On Thu, 16 Sep 2004 15:12:46 -0600, Rodolfo J. Paiz wrote:

> > A qcad RPM package is waiting here for reviews:
> > https://bugzilla.fedora.us/show_bug.cgi?id=848
> > 
> 
> What does "waiting here for reviews" mean? I found a src.rpm file
> referenced, and will attempt to rebuild on my FC2 box. However, how do I
> (as a user, not a coder) help to review this?

New package submissions at fedora.us need GPG signed approvals before
they would be passed on to the build server by a release manager and
be put in a publicly accessible repository.

Most important would be that a package rebuilds from src.rpm,
installs, works, and uninstalls again without errors and is built from
non-trojaned upstream sources (when in doubt and the upstream
developers are trusted as not releasing malicious software themselves,
they can be asked to confirm tarball checksums, too, or provide
detached signatures somewhere). Unclean packaging or uncaught minor
mistakes could be fixed with an update after release (and there's
still the "testing" repository, too, where a package could be released
for the first time for the community to hammer on it).

http://www.fedora.us/wiki/PackageSubmissionQAPolicy#review

The current QA documentation mostly consists of technical low-level
things in order to avoid common packaging mistakes, some of which could
break the repository, too, or make a package fail to build. The
packagers themselves ought to read that documentation and adjust their
packages accordingly prior to submitting a package request. Usually,
reviewers add their proof-reading or suggestions, though. Where help
is appreciated, it should also be possible to get someone in the know
of RPM packaging to take a look at the technical side of the package
in addition to a run-time based review from somebody else.

With the current QA system in bugzilla, after a first GPG signed
approval of a package request, the REVIEWED keyword can be set at the
top of a ticket to indicate that somebody has processed this request
and approved the package. That makes it easier for other reviewers to
join active package requests and contribute approvals or complementary
reviews.

And finally, some packagers provide binary packages in addition
to the src.rpm, so for pure run-time based reviews, it would not
be necessary to rebuild any packages from src.rpm. [However,
everyone should be able to run "rpmbuild --rebuild filename.src.rpm"
after installing the fedora-rpmdevtools package.]

-- 
Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
loadavg: 0.00 0.00 0.07
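
Added example, not part of the original message and not fedora.us tooling: one way a reviewer could check the "non-trojaned upstream sources" point by comparing the archives unpacked from a src.rpm against copies fetched independently from upstream. The two directory arguments, the function names and the choice of `sha256sum` are assumptions; the message itself names no checksum tool.

```shell
#!/bin/sh
# Compare source archives taken out of a src.rpm with independently
# downloaded upstream copies. Populate the two directories yourself, e.g.
#   mkdir from-srpm && cd from-srpm && rpm2cpio ../package.src.rpm | cpio -id
# and download the same tarballs from the upstream site into another directory.

# Print the SHA-256 digest of one file (hash tool is an assumption).
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# compare_sources SRPM_DIR UPSTREAM_DIR
# Prints one status line per archive found in SRPM_DIR.
# Returns 0 if every archive has an identical upstream copy,
# 1 on any mismatch or missing upstream copy, 2 if nothing was checked.
compare_sources() {
    srpm_dir=$1
    upstream_dir=$2
    failed=0
    checked=0
    for f in "$srpm_dir"/*.tar.gz "$srpm_dir"/*.tar.bz2 \
             "$srpm_dir"/*.tgz "$srpm_dir"/*.zip; do
        [ -f "$f" ] || continue          # glob pattern that matched nothing
        name=$(basename "$f")
        checked=$((checked + 1))
        if [ ! -f "$upstream_dir/$name" ]; then
            echo "MISSING $name"         # nothing to compare against
            failed=1
        elif [ "$(digest "$f")" = "$(digest "$upstream_dir/$name")" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"        # packaged source differs from upstream
            failed=1
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "no source archives found in $srpm_dir"
        return 2
    fi
    return "$failed"
}

# Run directly as: sh compare.sh from-srpm from-upstream
if [ "$#" -eq 2 ]; then
    compare_sources "$1" "$2"
fi
```

A match only shows that the packager shipped what upstream currently serves; confirming that the upstream copy itself is genuine still needs a checksum or detached signature from the developers, as the message describes.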




