[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Review Request: inadyn

On Tue, 26 Apr 2005 04:28:16 -0400, Ignacio Vazquez-Abrams wrote:

> > > > http://www.herr-schmitt.de/pub/inadyn/inadyn-1.90-3.src.rpm
> > > 
> > > No, it's in CVS, so the copy in CVS needs to be reviewed. Anyways...
> > > 
> > > + URL checks out
> > > + Source0 md5sum matches
> > > - Source0 isn't a complete URL
> > > * Might want to consider writing an initscript for it
> > 
> > Did you change your mind about the package?
> > https://www.redhat.com/archives/fedora-extras-list/2005-April/msg00288.html
> Sponsoring and Package Review are two separate processes, at least
> according to the New Package Process in the wiki. Sponsoring is covered
> under Section I, Package Review under Section III.
> In my mind, Sponsoring covers minor cleanups that should be done before
> a package can/should be done before bringing it into CVS, whereas
> Package Review is meant to tighten up the package for production use.

You misunderstood my comment. Earlier on fedora-commits-list, you wrote:

> You never requested a review, so how can this possibly be approved?

Above link into the archives points to a message, where you replied
to Jochen's request for review and even imported his src.rpm later.

What surprised me is that it doesn't become clear when or whether
you would approve the package and what would be absolutely required
before you [the sponsor] would approve it.

With regard to what you wrote above about the Wiki:

If that is what other contributors read into the NewPackageProcess Wiki
page, too, we should change it and make it less ambiguous.

More proof that the current process is ambiguous, apparently, can be found
in fedora-extras-commits archives, where packages in CVS have no sponsor

Obviously, _prior_ to sponsoring a new package and prior to importing it
into CVS, a new package must be reviewed painstakingly and any issues be
discussed with the packager. The important and relevant reviewing happens
prior to CVS import. That way, new packagers, who don't have CVS access
yet, can get packages included, too.

The sponsor, who takes over security relevant checks (e.g. verification of
upstream locations, tarball origin, licencing), works with a packager on a
first package version, so it can be imported into CVS, where more people
see it and can comment on any oddities. Basically, that is the sponsor's
approval already, but the actual APPROVED message is delayed, because
after cvs import, other contributors might still have some to add or might
even block a package.

Post-commit reviews, in particular those which only comment on diffs
posted to fedora-extras-commits list, are no substitute for real reviews
done by somebody. For instance, who does test-builds, examines package
contents, and gives binaries a try at run-time prior to approval? The
sponsor? Or just the packager? An approval means what?

Fedora Core release 3.91 (Pre-FC4) - Linux 2.6.11-1.1258_FC4
loadavg: 1.14 1.17 1.10

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]