[Fedora-packaging] Need advice pertaining to GSoC proposal

Jeff Spaleta jspaleta at gmail.com
Fri Apr 3 20:57:34 UTC 2009


On Wed, Apr 1, 2009 at 1:38 PM, Debayan Banerjee <debayanin at gmail.com> wrote:
>2) Add pluggable policies

Pluggable policies are a political landmine in terms of coordinating
with 3rd party repos. Should the Fedora Project be setting policies
with regard to how users use 3rd party repos? What happens when 3rd
party repo maintainers don't like the default policies? Don't they
just build repository release packages with scripts which override
them setting them back to something they consider sane for their repo?
 We've been down this rabbit hole before. Fedora controls its
repositories.. it does not control 3rd party repositories, we are not
going to get into the business of whitelisting or blacklisting
anything associated with 3rd party repos making any judgements
whatsoever as to the packages in repositories we don't have control
over.  If this is implemented Fedora won't be doing anything with it
at all.

And isn't this duplicate functionality to yum-protectbase and
yum-protect-packages that Fedora has...and is not enabled by default?

3)Add voting system to Package Manager:
I have a very deep problem with equating votes with trust.  I would be
more inclined to integrate popcon like functionality or the
application usage mechanism that mugshot used to get a crowdsource
perspective on how "used" an application package is relative to
another...without overloading the meaning of the word "trust."  Re


> 4) A server that receives these votes and maintains a list of repos in
> sorted order. The distro maintains this. Leave it to the user which
> repo he wants to add now.

> 4) A server that receives votes and maintains a listing of
> repositories in sorted order:
> We could make modifications to <https://admin.fedoraproject.org/pkgdb>
> so that it provides one-click-install links to all packages thus.
> Similar efforts are at:

The external Fedora community actually had a site like this early on.
package tracker or something.  But let me be very very clear its going
to be very difficult to get this sort of thing officially hosted as an
official piece of Fedora infrastructure for the same technical reasons
that we can't talk in detail about 3rd party repository packages in
the wiki.  The only conceivable way you could do this is if each
repository hosted its own service instance and packagekit would query
each repository's voting information after the repository was
configured.  Votes are just another form of metadata about packages.
We don't host currently recognized 3rd party package metadata
centrally, we shouldn't get into the business of hosting more exotic
forms of metadata either. Regardless whether its dynamically served
from a central service or from mirrored repomd metadata.

And I think you have to make a stronger case for why this has to be a
centralized service and not mirrorable repository metadata that fits
within the repomd scheme so that it can be mirrored.

And of course none of my comments speak to the value of this concept
or the likelihood that Fedora would choose to enable this sort of
metadata by default. If its valuable and if Fedora will turn it on, it
won't happen unless you decentralize the information in such a way
that Fedora does not become responsible for hosting or distributing
any metadata about any packages from external repositories.

> I can set up a prototype server which
> accepts these votes and displays reposiories/packages accordingly.
> Once I have successfully built all the things I have mentioned, I dont
> mind buying hosting space to host it as a proof of concept.

Please understand that an implementation that is designed as a single
service which aggregates repositories from multiple vendors stands a
vanishingly small chance of being enabled by default in Fedora for
non-technical reasons.   I would encourage you to implement your ideas
such that each repository can take responsibility for providing its
own tagging metadata (abstract enough to be used for other tagging
models other than voting).

-jef




More information about the Fedora-packaging mailing list