
Re: New Package Process



On Wed, Apr 27, 2005 at 12:17:53AM -1000, Warren Togami wrote:
> Michael Schwendt wrote:
> >>It does not really matter if CVS import happens before
> >>review and revisions or after, as long as an explicit approval is made
> >>before it is built.
> > 
> > 
> > Except, it doesn't make much sense to import something without review
> > only to find out that there are legal issues or it doesn't build due to
> > missing requirements (not included in Fedora Extras) or needs much work
> > packaging/run-time wise.
> > 
> 
> Good reasons.  Then we will disallow this in the future.  For everything 
> else please clarify in the Wiki.
>
Not disagreeing, but there need to be some "Well-behavedness" guidelines so
we know what is expected of a package to be put into CVS.

Here's my start for a list:
* Follows naming guidelines
* No one raises any legal issues
* Passes security checks for upstream pristine sources
* Passes security checks in spec file build/install scripts
  - Unfortunately this means someone does need to skim through the spec.
* Patches don't look malicious
  - Unfortunately this means someone has to review the patches.
* Packager shows commitment to fix issues raised

We end up needing to do a pretty thorough review before package import --
just not blocking cvs import on all the things that are found....

Does someone else have some better ideas?

-Toshio

