Hi, Let's identify the real issues and tackle them asap. From http://en.opensuse.org/Contrib#Open_issues_and_packages: # Security - perhaps Novell security guys can give us basic guidelines. This has two parts 1) The hard part - monitoring upstream changelogs, bugtraq and the like to identify security bugs. Should be probably maintainers' responsibility. 2) Fixing security bugs: As not every package maintainer has to be a programmer, we should allow version updates where it makes sense. === # Upstream vs. patched. (easy example: KVM from Alexander Graf, or from Sourceforge.net - difference is big) That should really be up to the package maintainer. If he is willing to maintain the patches, there should be no problem. -> not an issue === # Bugzilla integration (we need another discussion on that topic) This is not specific to contrib, better bugzilla integration would be beneficial for any build service project. For now, let's stick to <person role="bugowner" userid="xxx"/>. -> not an issue === # Who will be allowed to do what, see #Permissions It seems that everybody agreed on the reviewers/maintainers model (at least, I heard no objections) -> not an issue === # What about updates for single packages in that repository? If the repository is frozen after the release, we need an additional repository just for packages containing bugfixes and security fixes. Who will maintain this additional repository? Who will review the packages submitted there? Should there be patches like for the official openSUSE packages available? Related: [opensuse-factory] Contrib: Progress Patches are not possible right now, having two repositories is not a good idea. Let's just update packages in the repository. === # Forks ( fork is similar to duplicate packages; Think of Cinepaint and GIMP. Should we allow forks? ) As long as the package follows the rules (esp. the one about no conflicts with Factory packages), I see no problem here. -> not an issue === I'll remove the non-issues from the wiki page and try to write some rules about post-release updates, which is what the remaining two issues are about (but we should be able to start even without these rules in place). Michal -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
On Monday 15 of September 2008 14:30:07 Michal Marek wrote:
Hi, Hi all,
This has two parts programmer, we should allow version updates where it makes sense.
- The hard part - monitoring upstream changelogs, bugtraq and the like to identify security bugs. Should be probably maintainers' responsibility.
- Fixing security bugs: As not every package maintainer has to be a
3.) And the community also could help. If there'll be something new in upstream, they should open a bug. The Debian folks use a Bug Tracking system for update requests too.
# What about updates for single packages in that repository? If the repository is frozen after the release, we need an additional repository just for packages containing bugfixes and security fixes. Who will maintain this additional repository? Who will review the packages submitted there? Should there be patches like for the official openSUSE packages available? Related: [opensuse-factory] Contrib: Progress
Patches are not possible right now, having two repositories is not a good idea. Let's just update packages in the repository.
I agree - two different repositories are definitively not a good idea. What about this workflow? 1.) the maintaners lost the write access after freeze 2.) when is necessary to fix a (not only a security) bug, maintaner fix the package in home:maintaner (and maybe ask for testing on IRC/ML) - when is a fix done, he'll ask via a submitreq (or a similar mechanism) to apply of a patch - one of the reviewer (or maybe we could create a new role) will do that BTW: are there some guidelines for Packman? Maybe we are reinventing a wheel, because they have an experience with community based repository. Best regards Michal Vyskocil -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
Michal Vyskocil wrote:
On Monday 15 of September 2008 14:30:07 Michal Marek wrote:
Patches are not possible right now, having two repositories is not a good idea. Let's just update packages in the repository.
I agree - two different repositories are definitively not a good idea.
What about this workflow? 1.) the maintaners lost the write access after freeze 2.) when is necessary to fix a (not only a security) bug, maintaner fix the package in home:maintaner (and maybe ask for testing on IRC/ML)
- when is a fix done, he'll ask via a submitreq (or a similar mechanism) to apply of a patch
- one of the reviewer (or maybe we could create a new role) will do that
Yes, this is something I have in mind, too.
BTW: are there some guidelines for Packman? Maybe we are reinventing a wheel, because they have an experience with community based repository.
There are no packman releases, so at least from the "repository frozen" point onwards, we have to invent something ;). Michal -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
Hi Marek, In principle I agree on all points, except this one:
===
# Bugzilla integration (we need another discussion on that topic)
This is not specific to contrib, better bugzilla integration would be beneficial for any build service project. For now, let's stick to <person role="bugowner" userid="xxx"/>. -> not an issue
===
I'm not against it either - In fact, I don't understand it. What do you mean ? Can we add "contrib" to Novell bugzilla ? -- -Alexey Eromenko "Technologov" -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
Alexey Eremenko wrote:
Hi Marek,
In principle I agree on all points, except this one:
===
# Bugzilla integration (we need another discussion on that topic)
This is not specific to contrib, better bugzilla integration would be beneficial for any build service project. For now, let's stick to <person role="bugowner" userid="xxx"/>. -> not an issue
===
I'm not against it either - In fact, I don't understand it. What do you mean ? Can we add "contrib" to Novell bugzilla ?
Sorry ;). This can be added to project / package metadata and it adds a [Report Bug] link to the webclient. See here for example: https://build.opensuse.org/package/show?package=icewm&project=home%3Amic... . Unfortunately, it's only in the webclient and not on software.o.o or the like, therefore not really visible by the end-user. I got only two bugreports via this link since it has been introduced last year. But as I said, improving this is a topic for the whole buildservice, not (only) for contrib. Michal -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
In principle I agree on all points, except this one:
===
# Bugzilla integration (we need another discussion on that topic)
This is not specific to contrib, better bugzilla integration would be beneficial for any build service project. For now, let's stick to <person role="bugowner" userid="xxx"/>. -> not an issue
===
I'm not against it either - In fact, I don't understand it. What do you mean ? Can we add "contrib" to Novell bugzilla ?
Sorry ;). This can be added to project / package metadata and it adds a [Report Bug] link to the webclient. See here for example: https://build.opensuse.org/package/show?package=icewm&project=home%3Amic... . Unfortunately, it's only in the webclient and not on software.o.o or the like, therefore not really visible by the end-user. I got only two bugreports via this link since it has been introduced last year. But as I said, improving this is a topic for the whole buildservice, not (only) for contrib.
Which means we need to discuss it with people from Novell. Maybe coolo or Andreas Jaeger can help ? (I don't know who is responsible for the bugzilla...) -- -Alexey Eromenko "Technologov" -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
Sorry ;). This can be added to project / package metadata and it adds a [Report Bug] link to the webclient. See here for example: https://build.opensuse.org/package/show?package=icewm&project=home%3Amic... . Unfortunately, it's only in the webclient and not on software.o.o or the like, therefore not really visible by the end-user. I got only two bugreports via this link since it has been introduced last year. But as I said, improving this is a topic for the whole buildservice, not (only) for contrib.
Which means we need to discuss it with people from Novell. Maybe coolo or Andreas Jaeger can help ? (I don't know who is responsible for the bugzilla...)
What do we *need* to discuss? Michal -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
On Wed, Sep 17, 2008 at 7:39 AM, Michal Marek <mmarek@suse.cz> wrote:
Sorry ;). This can be added to project / package metadata and it adds a [Report Bug] link to the webclient. See here for example: https://build.opensuse.org/package/show?package=icewm&project=home%3Amic... . Unfortunately, it's only in the webclient and not on software.o.o or the like, therefore not really visible by the end-user. I got only two bugreports via this link since it has been introduced last year. But as I said, improving this is a topic for the whole buildservice, not (only) for contrib.
Which means we need to discuss it with people from Novell. Maybe coolo or Andreas Jaeger can help ? (I don't know who is responsible for the bugzilla...)
What do we *need* to discuss?
Better Integration between bugzilla and "contrib"/BS. This mean, that users must be able to open bugs in bugzilla, and we will know of it. Maybe even drop a copy on this mailing-list. But this may happen later, not now. -- -Alexey Eromenko "Technologov" -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
Alexey Eremenko wrote:
On Wed, Sep 17, 2008 at 7:39 AM, Michal Marek <mmarek@suse.cz> wrote:
Sorry ;). This can be added to project / package metadata and it adds a [Report Bug] link to the webclient. See here for example: https://build.opensuse.org/package/show?package=icewm&project=home%3Amic... . Unfortunately, it's only in the webclient and not on software.o.o or the like, therefore not really visible by the end-user. I got only two bugreports via this link since it has been introduced last year. But as I said, improving this is a topic for the whole buildservice, not (only) for contrib. Which means we need to discuss it with people from Novell. Maybe coolo or Andreas Jaeger can help ? (I don't know who is responsible for the bugzilla...) What do we *need* to discuss?
Better Integration between bugzilla and "contrib"/BS.
This mean, that users must be able to open bugs in bugzilla, and we will know of it.
They can open bugs right now, but they have to log in to build.opensuse.org and click the link. You can subscribe to opensuse-bugs and filter mail matching '[openSUSE:Factory:Contrib' to be notified about all bugs in Contrib packages.
Maybe even drop a copy on this mailing-list.
That would be interesting.
But this may happen later, not now.
Yeah, that was my point - better bugzilla integration in the build service would be nice to have in the future (and it's not _our_ issue ;)). Michal -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-contrib+help@opensuse.org
participants (3)
-
Alexey Eremenko -
Michal Marek -
Michal Vyskocil