[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RFC: Package Review VCS



Below is just an idea.  Please add your suggestions to refine this idea.

Proposal: Package Review VCS
============================
* /cvs/pkgreview has the same structure as /cvs/pkgs. "make build" does koji build --scratch --background. If the submitter isn't a Fedora packager yet, then the reviewer can import and build on their behalf after doing some basic sanity checks like:
   - does the package build locally?
   - does the package contain trojans?

* Faster and easier collaboration on new packages is enabled, meaning lower turnaround time during the review process. After the initial .src.rpm URL, subsequent reviews can instead be done from a VCS checkout. If the package contributor is already a packager, then a package review may begin directly from VCS.

* Changes that happen during the review process are tracked and not lost. When the package review is approved, the CVS history is copied into /cvs/pkgs.

* We could control VCS write access to /pkgs/pkgreview with a different FAS group that is easy to obtain. (i.e. any existing Fedora Packager can approve your access to pkgreviewrepo). This allows new contributors to easily collaborate and add reviewer suggested changes. The reviewer can then more conveniently review the changes and start another scratch build on behalf of the submitter.

* This allows a sort of "Level 0 Packager" entry-level access, where we provide a safe and easy way for new contributors to be eased onboard with a simpler subset of tools to work with.

Example Workflow
================
1) New contributor submits package review.
2)
	a) Reviewer takes review, imports .src.rpm into CVS, starts scratch build.
	b) Reviewer makes suggestions to improve the package.
	c) Reviewer grants pkgreviewrepo permission to contributor.
3) Contributor commits suggested changes to /cvs/pkgsreview, asks reviewer to check it again in the review ticket.
4) After review is approved and contributor is sponsored:
	a) Contributor requests fedora-cvs.
	b) CVS admin: Set pkgdb and koji bits.
	c) CVS admin: Copy history from /cvs/reviewpkg to /cvs/pkgs.
	d) CVS admin: Copy appropriate files in lookaside cache.

Other Minor Notes
=================
1) /cvs/pkgreview has its own separate lookaside binary cache, in order to reduce the amount of garbage that lives forever in the actual cache. Appropriate files are copied over to /cvs/pkgs's cache when the package is approved. 2) /cvs/pkgreview allows global commit access to anybody in the pkgreviewrepo or packager groups. 3) pkgreviewrepo may allow a new contributor to commit, but we currently cannot allow this to build due to resource constraints and security concerns. We may allow builds at a later date when we get more dedicated resources for review/scratch builders, isolated from our main builders. 4) Perhaps later we should consider an unofficial pkgreview yum repo. The reason for this, is to allow building a review package against another package also currently under review. This would probably depend on resources/isolation needed for #3.

Thoughts?

Warren Togami
wtogami redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]