On Mon, 2022-03-28 at 20:07 +0200, Martin Wilck wrote:
On Mon, 2022-03-28 at 18:56 +0200, Richard Brown wrote:
On Mon, 2022-03-28 at 18:53 +0200, Stefan Seyfried wrote:
On 28.03.22 18:50, Richard Brown wrote:
I agree, but this deficiency of Leap should not be addressed by encoraging people to use untested, unreviewed, unmaintained, unsupported, unsupportable software.
I find this statement disrespectful against everyone who maintains software in inofficial repos. Almost all packages in openSUSE started out in home projects and passed through a devel project before eventually being added to the distro. At the end of the day, the quality difference between official and inofficial packages is not as huge as you imply.
Why oh why, if, as you imply the difference is not as huge and consequently the effort required to push an app from random home repo to official Leap/TW repo is low, is the app not in any of the official repos? As someone who regularly submits packages to TW, and am deeply appreciative of the additional reviews that that entails, I have no idea why one would instead make these random, untested home (or even devel) repos even close to semi-official by recommending them from s.o.o or any o.o.
Even if for some reason a packager does not want their home package to end up in the official repos, there are other ways to "advertise" their packages. For example, I package bleeding edge releases of the app xournalpp on my home repo, and I pointed upstream [1] to these. They were happy and quick to set up links to my prj from their GitHub page.
Alternatively, a packager can write a blog highlighting their home project that they think may serve the end user. They could highlight the "zypper ar <URL>; zypper in -r <repo_name>" similar to how ppa's are advertised for unofficial Debian packages. Such blogs may even be carried on news.o.o I suppose.
Pending any effort from the packager towards any of these options, you should assume the packages in their home repos are not recommended for installation on any system and certainly should not be advertised at all from any o.o pages, in my opinion. Furthermore, one should stray far far away from any one click shopping from such repos.
So, I would recommend shutting down s.o.o without replacement.
Of course, when you activate someone's home repo, you don't know. The repo owner may be long gone or be a malicious jerk. So no, we shouldn't actively encourage it. But we shouldn't discourage it, either, because we'd be discouraging our distribution as such.
As a distro, we should of course discourage the installation of un- reviewed apps that easily carry the potential of breaking users' systems or worse. That nothing untowardly has happened so far does not mean it cannot in the future, and the distro should wash its hands off it asap.
Perhaps some weak "review" process could be established around public, inofficial OBS repositories. For example, a bot could auto-uncheck the "publish" flag for repos that haven't seen any updates for a long time, and users setting the "publish" flag could be asked to provide meaningful descriptions for their repos and the packages therein.
To what end? I think you will find that a significant majority of packagers willing to do this distance already submit their apps to Factory or advertise these in some other way.
We shouldn't be pushing people to 3rd party repos, Period.
OK, so we should advise them to "configure; make; sudo make install" instead?
Of course, the user may of their own accord do whatever they want with their system. That is not for the distro to recommend or even suggest weakly.
No, my advice would be not to use Leap, but that's totally getting off topic.
and use ... what? Factory also needs 3rd party repos. Not as strongly as Leap, but it still does. Not to mention that Factory has other disadvantages that simply don't make it suitable for everyone.
Factory is not TW. No distro is suitable for *everyone* I guess, but if you elaborate (perhaps on a separate thread) as to why you would not recommend TW to a user, perhaps we could figure out how to fix such complaints.
Btw, the discussion is not OT as long as people claim that simply ditching s.o.o was a step in the right direction:
Back to the topic at hand though, if discovering 3rd party software from software.opensuse.org is essential for Leap to be useful, that's a problem that needs to be addressed in Leap, not software.opensuse.org
Looking forward to your suggestions how to do that.
For example, stop recommending random home repos so packagers wanting to distribute their packages _have_ to submit it to official repos or work with upstream to publicise, etc.
[1] https://github.com/xournalpp/xournalpp