Hi,

By de-digesting the FreshMeat [fm] digest, I have found the (apparently) new version 1.1 of your package nmzmail. (Old version last notified/in tree was 1.0).

(This is just for your information. You decide whether to upgrade a package or not.)

Extra Information:
[029] nmzmail 1.1

Ciao,
FreshMeat De Digster
(/suse/meissner/projects/caldera-tools/packagehunter/fm/filter_freshmeat.pl)
--
To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-contrib+help@opensuse.org

On Tue, Apr 21, 2009 at 04:20:44AM +0200, FreshMeat De Digster wrote:
Hi,
By de-digesting the FreshMeat [fm] digest, I have found the (apparently) new version 1.1 of your package nmzmail. (Old version last notified/in tree was 1.0).
Done ;)

--
Best regards / s pozdravem
Petr Uzel, Packages maintainer
---------------------------------------------------------------------
SUSE LINUX, s.r.o.    e-mail: puzel@suse.cz
Lihovarská 1060/12    tel: +420 284 028 964
190 00 Prague 9       fax: +420 284 028 951
Czech Republic        http://www.suse.cz

On Tuesday 21 April 2009 14:52:48 Petr Uzel wrote:
By de-digesting the FreshMeat [fm] digest, I have found the (apparently) new version 1.1 of your package nmzmail. (Old version last notified/in tree was 1.0).
Done ;)
Reading this, two things "pop up" in my mind:

1) Contrib != frozen? Have I missed any new guidelines about packages in contrib are frozen after a release?

2) Security in mind...? Who controls changes in packages after the first review?

As an example (sorry Sascha - this is not against you - I took the first package I find):
https://build.opensuse.org/package/show?package=rkhunter&project=openSUSE:Fa...

Maintainer: saigkill

saigkill is maintainer of the openSUSE:Factory:Contrib project and respectively (as far as I know) all of his packages/submissions should be reviewed. But as long as saigkill is added as maintainer for his package, he can do everything with it directly in openSUSE:Factory:Contrib once it is accepted.

Is this really intended?

With kind regards,
Lars

On Wednesday 22 of April 2009 13:49:10 Lars Vogdt wrote:
On Tuesday 21 April 2009 14:52:48 Petr Uzel wrote:
By de-digesting the FreshMeat [fm] digest, I have found the (apparently) new version 1.1 of your package nmzmail. (Old version last notified/in tree was 1.0).
Done ;)
Reading this, two things "pop up" in my mind: 1) Contrib != frozen? Have I missed any new guidelines about packages in contrib are frozen after a release?
Afaik Contrib was not released. But the situation is a little bit unclear, because updates in frozen Contrib should be allowed too (and some people want to have Contrib as a rolling updates repository like Packman).
2) Security in mind...? Who controls changes in packages after the first review?
Maintainers of packages and Contrib.
As an example (sorry Sascha - this is not against you - I took the first package I find):
https://build.opensuse.org/package/show?package=rkhunter&project=openSUSE:Factory:Contrib
Maintainer: saigkill
saigkill is maintainer of the openSUSE:Factory:Contrib project and respectively (as far as I know) all of his packages/submissions should be reviewed. But as long as saigkill is added as maintainer for his package, he can do everything with it directly in openSUSE:Factory:Contrib once it is accepted.
Is this really intended?
Yes, this is the current approach - changes of packages in Contrib are done by maintainers of those packages without explicit review. It's the same behavior as every project in openSUSE BuildService has. This was discussed several times (for example I prefer reviews for Contrib), but this is the current consensus.
With kind regards, Lars
Regards
Michal Vyskocil

saigkill is maintainer of the openSUSE:Factory:Contrib project and respectively (as far as I know) all of his packages/submissions should be reviewed. But as long as saigkill is added as maintainer for his package, he can do everything with it directly in openSUSE:Factory:Contrib once it is accepted.
Is this really intended?
Yes, this is the current approach - changes of packages in Contrib are done by maintainers of those packages without explicit review. It's the same behavior as every project in openSUSE BuildService has.
This was discussed several times (for example I prefer reviews for Contrib), but this is the current consensus.
The problem is that a package maintainer can also add new binary packages to his source files, like say "gcc" or whatever.

So any packager, even with just write permissions to 1 package, can subvert the whole Contrib build.

Ciao, Marcus

On Thursday 23 April 2009 08:50:12 Michal Vyskocil wrote:
1) Contrib != frozen? Have I missed any new guidelines about packages in contrib are frozen after a release?
Afaik Contrib was not released. But the situation is a little bit unclear, because updates in frozen Contrib should be allowed too (and some people want to have Contrib as a rolling updates repository like Packman).
Yes, the current situation (ban rolling updates) is the main reason for me (and perhaps others) not to contribute to contrib. That's why I asked if this has changed.
2) Security in mind...?
[...]
Yes, this is the current approach - changes of packages in Contrib are done by maintainers of those packages without explicit review. It's the same behavior as every project in openSUSE BuildService has.
This was discussed several times (for example I prefer reviews for Contrib), but this is the current consensus.
Nice - so on one hand, the current guidelines want to follow openSUSE as strictly as possible (not allowing updates, reviewing packages before they appear in the repo) - and on the other hand, every packager can do whatever he wants after his package is initially approved.

*shaking my head*

With kind regards,
Lars

On Friday 24 April 2009, Lars Vogdt wrote:
On Thursday 23 April 2009 08:50:12 Michal Vyskocil wrote:
1) Contrib != frozen? Have I missed any new guidelines about packages in contrib are frozen after a release?
Afaik Contrib was not released. But the situation is a little bit unclear, because updates in frozen Contrib should be allowed too (and some people want to have Contrib as a rolling updates repository like Packman).
Yes, the current situation (ban rolling updates) is the main reason for me (and perhaps others) not to contribute to contrib. That's why I asked if this has changed.
There are enough repos with rolling updates out there.
2) Security in mind...?
[...]
Yes, this is the current approach - changes of packages in Contrib are done by maintainers of those packages without explicit review. It's the same behavior as every project in openSUSE BuildService has.
This was discussed several times (for example I prefer reviews for Contrib), but this is the current consensus.
Nice - so on one hand, the current guidelines want to follow openSUSE as strictly as possible (not allowing updates, reviewing packages before they appear in the repo) - and on the other hand, every packager can do whatever he wants after his package is initially approved. *shaking my head*
Why is this bad? From what I can say, the people contributing showed a high level of responsibility. If this stops being the case, we can still add an additional review step.

Greetings, Stephan

Hi Coolo

On Friday 24 April 2009 10:38:23 Stephan Kulow wrote:
Nice - so on one hand, the current guidelines want to follow openSUSE as strictly as possible (not allowing updates, reviewing packages before they appear in the repo) - and on the other hand, every packager can do whatever he wants after his package is initially approved. *shaking my head*
Why is this bad? From what I can say, the people contributing showed a high level of responsibility.
If people are showing a high level of responsibility
- why has every new package from them to be reviewed by the repo maintainers?
- why don't you give the maintainers access to the whole repository?

The current situation is something in between trusting people (to be able to maintain their packages without any further review) and not trusting people (not allowing them to submit whatever they like).

"Your package needs a review for the first submission - if this is done, you're trusted - whatever you have in mind...."

That's not what we have in place with the official openSUSE repository. But if you do not follow the openSUSE guidelines, why do you tell people that you do? ("In general Contrib has the same rules as Factory, [...]" [1])
If this stops being the case, we can still add an additional review step.
If endusers (who read your rules about "Packages need to go through the contrib review process"[2]) initially report data loss as a result of a packager doing ugly things, you change - what?
* Your rules telling people that every package goes through the review process?
* Your rules telling people that "Packages are owned by reviewers"?[3] and "Everything is handled by osc submitreq and goes through a review"?

...interesting...

With kind regards,
Lars

[1]: http://en.opensuse.org/Contrib#Rules_or_What_Do_We_Do (version from 16:21, 12 February 2009)
[2]: http://en.opensuse.org/Contrib#Rules_for_the_packages (version from 16:21, 12 February 2009)
[3]: http://en.opensuse.org/Contrib#Permissions_or_Who_Does_What (version from 16:21, 12 February 2009)

participants (6)
- FreshMeat De Digster
- Lars Vogdt
- Marcus Meissner
- Michal Vyskocil
- Petr Uzel
- Stephan Kulow