[opensuse-factory] On the insanity of the licensedigger bot
Hi: This fine piece of software keeps blindly rejecting package submissions for no reason whatsoever,license names that have been accepted for years now are instantly rejected,without human intervention. Will be cool if at least packages remain in state review after the bot has failed its dubious heuristics,so a human can look into it, instead of annoying developers at large. Cheers. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Mon, May 09, 2011 at 03:38:55PM -0400, Cristian Rodríguez wrote:
Hi:
This fine piece of software keeps blindly rejecting package submissions for no reason whatsoever,license names that have been accepted for years now are instantly rejected,without human intervention.
Will be cool if at least packages remain in state review after the bot has failed its dubious heuristics,so a human can look into it, instead of annoying developers at large.
Specific examples of the license bot out of control would be appreciated so it could be fixed. thanks, greg k-h -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Mon, 2011-05-09 at 13:36 -0700, Greg KH wrote:
On Mon, May 09, 2011 at 03:38:55PM -0400, Cristian Rodríguez wrote:
Hi:
This fine piece of software keeps blindly rejecting package submissions for no reason whatsoever,license names that have been accepted for years now are instantly rejected,without human intervention.
Will be cool if at least packages remain in state review after the bot has failed its dubious heuristics,so a human can look into it, instead of annoying developers at large.
Specific examples of the license bot out of control would be appreciated so it could be fixed.
Cryptic deny messages, that LGPLv2+ suddenly needs to be LGPLv2.1+ now. I really don't get the idea of all the crazy obs bots that make working such pain. People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves. Guess, that would be fine treatment for their personal issues, instead of annoying everybody else. Kay -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On May 09, 11 23:00:01 +0200, Kay Sievers wrote:
Cryptic deny messages, that LGPLv2+ suddenly needs to be LGPLv2.1+ now.
LGPL versions 2.0 and 2.1 are actually two different licenses. Gnu Lesser ..., versuse Gnu Library... This is nothing my bot could decide, unless it recently started some artificial life on its own.
I really don't get the idea of all the crazy obs bots that make working such pain.
One of my crazy ideas is to find and establish a standard for license names. It causes the reviewers sufficient pain to see a lot of badly filled in licenses out there, to motivate the idea of doing something about it. Hope this is an acceptable view.
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else.
I take it, you are royally annoyed, and just want me in another universe. I have heared earlier complaint about unfair rejects, but so far no good suggestion was made how to improve things. I can easily change all rejects into delegate to human -- this provokes delays instead. As of today, the manual review queue size is 170 submits. Other options I could think of: - implement the checks as rpmlint, so you get to see them earlier. - silently change spec-files during check-in. - accept the original submission, and send back another sr with a fix to the requester. - ignore the rubbish that we have in the specfiles, and educate our customers, that there is no hope for improvement. Sorry to elaborate on this review topic. cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746 (AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, May 10, 2011 at 12:04:10AM +0200, Juergen Weigert wrote:
Other options I could think of:
- implement the checks as rpmlint, so you get to see them earlier. - silently change spec-files during check-in. - accept the original submission, and send back another sr with a fix to the requester. - ignore the rubbish that we have in the specfiles, and educate our customers, that there is no hope for improvement.
How about: - fix up obvious problems in the packages before requiring changes in the license-bot to be stopping others from checking stuff in? It isn't difficult to fix up 170 different packages and submit the changes if your tool can flag them. It's a pain, yes, but to expect others to do the work for you when you changed the rules is a bit unfair, don't you think? Or, if it's too much of a pain, post the problem packages here, and have others help you in fixing them. 170 packages could easily be divided up and fixed up in a day by a small handful of people. thanks, greg k-h -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
El 09/05/11 18:13, Greg KH escribió:
It isn't difficult to fix up 170 different packages and submit the changes if your tool can flag them.
Ok, that makes sense, much better than a mad bot rejecting stuff :-) flagging it with attribute openSUSE:NeedsLicenseReview and then providing a list of what and why is wrong is the best way to handle. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday 10 May 2011 00:13:08 Greg KH wrote:
On Tue, May 10, 2011 at 12:04:10AM +0200, Juergen Weigert wrote:
Other options I could think of:
- implement the checks as rpmlint, so you get to see them earlier. - silently change spec-files during check-in. - accept the original submission, and send back another sr with a fix to
the requester.
- ignore the rubbish that we have in the specfiles, and educate
our customers, that there is no hope for improvement.
How about: - fix up obvious problems in the packages before requiring changes in the license-bot to be stopping others from checking stuff in?
It isn't difficult to fix up 170 different packages and submit the changes if your tool can flag them. It's a pain, yes, but to expect others to do the work for you when you changed the rules is a bit unfair, don't you think? 'Flagging' is (surely) the more gentle way of rejecting, but it's also saying 'nope, it can't enter yet'. According to my experience (doing manual review for Factory), nobody cares for anything except a reject. Instead of flagging stuff, I so far preferred to write personal e-mails. For 1/3 of them I get a response, so after a certain grace period (time for the packager to supersede it's submission), they're all rejected.
Or, if it's too much of a pain, post the problem packages here, and have others help you in fixing them. 170 packages could easily be divided up and fixed up in a day by a small handful of people. That's a word, but usually if your package is rejected because of it's license tag, you change it and resubmit, done in a matter of minutes. -- Mit freundlichen Grüßen, Sascha Peilicke http://saschpe.wordpress.com
Le 10/05/2011 08:56, Sascha Peilicke a écrit :
That's a word, but usually if your package is rejected because of it's license tag, you change it and resubmit, done in a matter of minutes.
may be the reject mail should give a list of prefered licences (may be it already do?) I understand that this licence problem is not pleasant, but it's a major issue for a distribution and can only be fixed by the original author (and probably not by the packager if they a not the same people) jdd -- http://www.dodin.net http://www.youtube.com/user/jdddodinorg http://jdd.blip.tv/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
* jdd (jdd@dodin.org) [20110510 09:04]:
I understand that this licence problem is not pleasant, but it's a major issue for a distribution and can only be fixed by the original author (and probably not by the packager if they a not the same people)
The actual license of a package isn't the problem here. The way the license of a package is stated in the License: tag in a spec is the problem. And that can indeed be fixed by the packager. Philipp -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Sascha Peilicke <saschpe@gmx.de> writes:
That's a word, but usually if your package is rejected because of it's license tag, you change it and resubmit, done in a matter of minutes.
No, it ist not. Most of the time, I do not understand what they want me to do. But this does not prevent me from asking them how to solve the issues. Yes, all this takes time. Maybe, it also saves time somewhere... -- Karl Eichwalder - R&D / Documentation SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg), Maxfeldstraße 5, 90409 Nürnberg, Germany -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On May 09, 11 15:13:08 -0700, Greg KH wrote:
How about: - fix up obvious problems in the packages before requiring changes in the license-bot to be stopping others from checking stuff in?
It isn't difficult to fix up 170 different packages and submit the changes if your tool can flag them.
Indeed, that is trivial. This is actually what we do. We submit changes back, as soon as we have identified a license change. (Otoh, I fear that this is exactly what annoyed Kay.) The main issue is: knowing which package requires a fix is the hard work. Most of the 170 queued packages probably don't need any fixing at all.
It's a pain, yes, but to expect others to do the work for you when you changed the rules is a bit unfair, don't you think?
I accept the infair bit, whenever the license says 'Contact Author', or 'Other uncritical Software License', or rubbish like that. This is where I need help from the Packager, as I cannot guess why such an unspecific license was chosen in the first place. In the normal process I see nothing unfair, as we send back a fine submit request, that tells the packager what we'd like to change.
Or, if it's too much of a pain, post the problem packages here, and have others help you in fixing them. 170 packages could easily be divided up and fixed up in a day by a small handful of people.
Be aware, that this is not a one-off. This is ongoing review. The overall number of reviews done went through the roof since we started reviewing all factory-submits. The licensedigger bot handles ca 90% of that. The rest remains manual review. I've changed the bot to forward the few rejects (ca 0.5%) also to manual review, except the submit sinply fails for technical reasons. The aditional manual workload should be minimal. cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746 (AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, 2011-05-10 at 00:04 +0200, Juergen Weigert wrote:
On May 09, 11 23:00:01 +0200, Kay Sievers wrote:
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else.
I take it, you are royally annoyed, and just want me in another universe.
Oh, no. :) I just think the people who want such changes need to fix all failing packages themselves, before they add any fatal rules to the build service. Instead of just force-pushing the work out to all the package maintainers which might not even have touched a license tag for years. Kay -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, 2011-05-10 at 00:04 +0200, Juergen Weigert wrote:
On May 09, 11 23:00:01 +0200, Kay Sievers wrote:
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else.
I take it, you are royally annoyed, and just want me in another universe.
Oh, no. :)
I just think the people who want such changes need to fix all failing packages themselves, before they add any fatal rules to the build service. Instead of just force-pushing the work out to all the package maintainers which might not even have touched a license tag for years. This way you never educate your packagers. License tags are only one issue to fix (and we're progressing with that thanks to licensedigger). We have
On Tuesday 10 May 2011 01:32:24 Kay Sievers wrote: packages that violate naming policies, we have more than 100 Factory packages violating our shared library policy and lot's of packages with dubious rpmlintrc. I could go on with that list, but as long as those packagers have maintainers, it's their responsibility to get their stuff fixed as long as they want it to be part of Factory, simply. While you're right that some policy changes can be communicated more openly, most of the policies I mentioned are in effect since ages. -- Mit freundlichen Grüßen, Sascha Peilicke http://saschpe.wordpress.com
On Tue, May 10, 2011 at 09:03:04AM +0200, Sascha Peilicke wrote:
This way you never educate your packagers. License tags are only one issue to
Your private email I get have really educational character, yes :-).
fix (and we're progressing with that thanks to licensedigger). We have packages that violate naming policies, we have more than 100 Factory packages
I am not aware of any naming policy for fonts for openSUSE. Petr
On Tuesday 10 May 2011 14:35:50 Petr Gajdos wrote:
On Tue, May 10, 2011 at 09:03:04AM +0200, Sascha Peilicke wrote:
This way you never educate your packagers. License tags are only one issue to
Your private email I get have really educational character, yes :-).
fix (and we're progressing with that thanks to licensedigger). We have packages that violate naming policies, we have more than 100 Factory packages
I am not aware of any naming policy for fonts for openSUSE. IMO I've attached a link to that mail you referred to. But you're right, we should move it to the current wiki and update it accordingly. -- Mit freundlichen Grüßen, Sascha Peilicke http://saschpe.wordpress.com
Am Tuesday, 10. May 2011, 00:04:10 schrieb Juergen Weigert:
On May 09, 11 23:00:01 +0200, Kay Sievers wrote: ...
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else.
I take it, you are royally annoyed, and just want me in another universe.
I have heared earlier complaint about unfair rejects, but so far no good suggestion was made how to improve things. I can easily change all rejects into delegate to human -- this provokes delays instead. As of today, the manual review queue size is 170 submits.
Other options I could think of:
- implement the checks as rpmlint, so you get to see them earlier.
or into the source validator package, so it complains already at commit time. The earliest possible point.
- silently change spec-files during check-in.
nope, this is what we want to get rid of. We could integrate it in the upcomming spec file formater of osc though. But I doubt that it would have all required data to run there, right ?
- accept the original submission, and send back another sr with a fix to the requester.
Serious option, because this is currently a one time issue in first place, right ? bye adrian -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, May 10, 2011 at 08:44:23AM +0200, Adrian Schröter wrote:
Am Tuesday, 10. May 2011, 00:04:10 schrieb Juergen Weigert:
On May 09, 11 23:00:01 +0200, Kay Sievers wrote: ...
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else.
I take it, you are royally annoyed, and just want me in another universe.
I have heared earlier complaint about unfair rejects, but so far no good suggestion was made how to improve things. I can easily change all rejects into delegate to human -- this provokes delays instead. As of today, the manual review queue size is 170 submits.
Other options I could think of:
- implement the checks as rpmlint, so you get to see them earlier.
or into the source validator package, so it complains already at commit time. The earliest possible point.
I would say rpmlint is better and in earliest phase ;-). The source validator is for cases rpmlint cannot handle. Plus it is almost impossible to build package in Factory without rpmlint (I expect our autobuild checkin team reject all packages with BuildIgnore rpmlint). On the other hand it's trivial send package without check of source validators.
- silently change spec-files during check-in.
nope, this is what we want to get rid of. We could integrate it in the upcomming spec file formater of osc though. But I doubt that it would have all required data to run there, right ?
Yes, please do not modify spec file at all! Having strict checks with a description how to fix the problem is the best approach. Regards Michal Vyskocil
Am Wednesday, 11. May 2011, 09:56:59 schrieb Michal Vyskocil:
On Tue, May 10, 2011 at 08:44:23AM +0200, Adrian Schröter wrote:
Am Tuesday, 10. May 2011, 00:04:10 schrieb Juergen Weigert:
On May 09, 11 23:00:01 +0200, Kay Sievers wrote: ...
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else.
I take it, you are royally annoyed, and just want me in another universe.
I have heared earlier complaint about unfair rejects, but so far no good suggestion was made how to improve things. I can easily change all rejects into delegate to human -- this provokes delays instead. As of today, the manual review queue size is 170 submits.
Other options I could think of:
- implement the checks as rpmlint, so you get to see them earlier.
or into the source validator package, so it complains already at commit time. The earliest possible point.
I would say rpmlint is better and in earliest phase ;-).
The validator can run without waiting for the entire build.
The source validator is for cases rpmlint cannot handle. Plus it is almost impossible to build package in Factory without rpmlint (I expect our autobuild checkin team reject all packages with BuildIgnore rpmlint). On the other hand it's trivial send package without check of source validators.
not in future, packages will turn into broken state if they don't succeed in the validator anymore.
- silently change spec-files during check-in.
nope, this is what we want to get rid of. We could integrate it in the upcomming spec file formater of osc though. But I doubt that it would have all required data to run there, right ?
Yes, please do not modify spec file at all! Having strict checks with a description how to fix the problem is the best approach.
The formater will come anyway most likely. Rudi and me are working on integrating it so that the factory checkins don't modify spec files anymore. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Other options I could think of:
- implement the checks as rpmlint, so you get to see them earlier.
or into the source validator package, so it complains already at commit time. The earliest possible point.
I also mentioned rpmlint as this would notify a packager already during test build, but we cannot rely on everybody doing test builds. A source validator is safer. OTOH, updates to rpmlint propagate faster than updates to a source validator. Maybe we need to adapt (i.e. relax) the rules a few times...
- silently change spec-files during check-in.
nope, this is what we want to get rid of. Agreed.
We could integrate it in the upcomming spec file formater of osc though. But I doubt that it would have all required data to run there, right ?
Best plan is probably to reach out to the api at license.opensuse.org and have the check done there, that allows me to keep the effektive rules 100% in sync with what we have on the web.
- accept the original submission, and send back another sr with a fix to the requester. Serious option, because this is currently a one time issue in first place, right ?
Yes. We'll announce a mass license update, once as we see SPDX, Fedora, Debian and others nod on our proposal. That should allow us to take care of most of it in one batch of submit requests. ETA June. cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746 (AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Juergen Weigert wrote:
[...] - implement the checks as rpmlint, so you get to see them earlier.
Yes, please. There is in fact already a license check in upstream rpmlint¹. It's just disabled as our license tags were not compatible with the scheme used by rpmlint. Meanwhile it should work I guess. The algorithm is to split the license tag at 'and' and 'or' and then string compare the components against a list of valid licenses. The list can be set via global config file. cu Ludwig [1] http://rpmlint.zarb.org/cgi-bin/trac.cgi/browser/trunk/TagsCheck.py -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Mon, 2011-05-09 at 13:36 -0700, Greg KH wrote:
On Mon, May 09, 2011 at 03:38:55PM -0400, Cristian Rodríguez wrote:
Hi:
This fine piece of software keeps blindly rejecting package submissions for no reason whatsoever,license names that have been accepted for years now are instantly rejected,without human intervention.
Will be cool if at least packages remain in state review after the bot has failed its dubious heuristics,so a human can look into it, instead of annoying developers at large.
Specific examples of the license bot out of control would be appreciated so it could be fixed.
Cryptic deny messages, that LGPLv2+ suddenly needs to be LGPLv2.1+ now.
I really don't get the idea of all the crazy obs bots that make working such pain. Well, it may still have issues but so far it's a big aid to us as the reviewers aren't lawyers, but licensedigger has that kind of knowledge. So it's not a pain but a necessity. One could argue about it's review messages
People should not be allowed to throw their nitpicking issues that way at other people. They could use *their* own obs project to build the distro with *their* rules, and then fix the packages themselves.
Guess, that would be fine treatment for their personal issues, instead of annoying everybody else. Well, the application of licensedigger (and coolo's check script) are Factory
On Monday 09 May 2011 23:00:01 Kay Sievers wrote: though :-) policy. -- Mit freundlichen Grüßen, Sascha Peilicke http://saschpe.wordpress.com
On May 09, 11 15:38:55 -0400, Cristian Rodríguez wrote:
Hi:
This fine piece of software keeps blindly rejecting package submissions for no reason whatsoever,license names that have been accepted for years now are instantly rejected,without human intervention.
It is hard to tell if I should now voices some justifications, or start fixing a bug. Please post some submit request numbers, so that I can see what happened. Intentional rejects exist, covering a few license names, that never have been good, and were only acceptable because no one was looking.
Will be cool if at least packages remain in state review after the bot has failed its dubious heuristics,so a human can look into it, instead of annoying developers at large.
If a heursitics is dubious, it needs fixing. We have been critizised for leaving requests hanging in review state too. cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746 (AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (12)
-
Adrian Schröter -
Cristian Rodríguez -
Greg KH -
jdd -
Juergen Weigert -
Karl Eichwalder -
Kay Sievers -
Ludwig Nussel -
Michal Vyskocil -
Petr Gajdos -
Philipp Thomas -
Sascha Peilicke