Mailinglist Archive: opensuse (4398 mails)

< Previous Next >
Re: [opensuse] Packages from a user and Packager perspective
  • From: Sonja Krause-Harder <skh@xxxxxxx>
  • Date: Tue, 6 Sep 2005 15:02:45 +0200
  • Message-id: <20050906130244.GC5481@xxxxxxxxxxxxxxx>
On Tue, Sep 06, 2005 at 02:15:50PM +0200, Pascal Bleser wrote:
> > Another idea is transparency: make clear what level of trust a package
> > has, what kinds of reviews were done, and make sure users know the risks
> > when they download and install something. But allow everyone to use the
> > build infrastructure and package distribution servers and host their
> > packages there.
>
> Sure, anyone can package anything and put it on their website ;)

Having a central place to build package in clearly defined build roots
and with the whole armada of automated package checks during and after
build is a first step towards quality packages, don't dismiss it too
lightly ;-)

> > What would we need for such a model to work?
> 1. define policies and quality guidelines for packages, based on what Novell/SUSE already provides:
> http://ftp.novell.com/pub/forge/library/SUSE%20Package%20Conventions/spc.html
> 2. set up an infrastructure for
> - bug reports
> - voting/feedback on packages to promote from unstable to stable

Imagine a large pool of packages, not a distribution, and not even
called testing. Just a kind of primordial soup of packages. Everyone can
submit packages there.

Now imagine you could define a larger entity, let's call it a package
set, which you can create and be responsible for, and where you could
collect packages that have passed your review and meet your quality
standards. You could call it "Pascal's approved SUSE addon packages", or
form a group of people to help you who also have the respective
privileges for that package set. Hey, you could even create three of
them and call them stable, unstable and testing ;-)

But this would be only one package set of many, and SUSE Linux core
would be another, and SUPER maybe yet another, with different levels of
control and trust, and us Novell people only contolling very few of
them. Would that meet your requirements?

Let's think further than the Debian model, please.

(And thanks for the feature requests.)

Sonja


--
Sonja Krause-Harder (skh@xxxxxxx)
Research & Development SUSE Linux Products GmbH


< Previous Next >
Follow Ups