Mailinglist Archive: opensuse-buildservice (326 mails)

< Previous Next >
Re: [opensuse-buildservice] Integrating packages into Factory
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Wed, 30 Jul 2008 09:40:08 +0200
  • Message-id: <200807300940.08979.adrian@xxxxxxx>
On Wednesday 30 July 2008 09:23:30 Dirk Stöcker wrote:
On Tue, 29 Jul 2008, Adrian Schröter wrote:
* A significant interest by the users
(How to messure this ? 2 loud people vs. 1000 quite people ?)

Get the download statistics back to work. These are an independend
measuring instrument, which can be used exactly for this.

Sure, but what is rule ? How much downloads per time is needed to qualify ?

* Who is able and willing to deliver maintenance updates ?
(Who qualifies to deliver updates for two years ? Who can be the
fallback ?)

From my point of view Novell is responsible for Factory packages, so
trust and maintenance must be handled by the Novell people. The OBS
packages can thus be only a base for the own package.

That is possible, but that would mean that no non-Novell employees are allowed
as maintainers of packages in openSUSE. I am not sure that we want this.

So it is plainly:
- Download statistics suggest to integrate package x
- package x is taken from OBS to Factory
- review the SPEC files
- check sources against upstream (are the tarballs equal?)
- check upstream sources (to a certain degree)
- check patches

Now the depths of the checks depends on the package, the quality of the
resulting RPM and also the individual trust-level of the author of the
package. Also the depth of these checks for updates mainly depends of the
trust-level of the package author.

But this are all Novell internals. The open part of SUSE should be
seperated from that. I install openSUSE on many systems and want to be
sure (to a certain degree - it's open source) this is possible.

Yes, I agree 100% here. But shouldn't it be possible also that non-Novell
employees can become part of distribution maintainers ?
I fear that otherwise plenty of packages just get refused due to limited
Of course we need a definition, when someone is trustable enough for Factory

Anyway I use the same method for Application:Geo. While initially everbody
had write access to every package there I switched that, so that I'm the
only one and the others have access to the individual packages only. From
time-to-time I check all the changes happened inbetween (This does not
mean I will be able to detect any dangerous modifications at all). At the
end the project Application:Geo has established a security policy without
the need to discuss this with anybody else. Same is true for factory -
it's a pure internal problem.

No, in factory directly only a very small group has direct write access. They
review changes from submitters. But they have their groups of trusted people
for certain packages. But their changes get anyway reviewed.


Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@xxxxxxx

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups