On Monday 05 September 2005 08:32, Andreas Girardet wrote:
Hello team
A few days ago a discussion on the opensuse-optimize mailing list was started about the future of our distro in regard to its building blocks, the packages. A suggestion was made to extend this discussion to this list and invite anyone on here to add their ideas.
This is a great initiative. Two points I can't find on the wiki page.
Bug-tracking system. I think it's important to have a bug-tracking system up for contributed packages. Probably we don't need to discuss the advantages of that.
Review. I suppose many people would not be comfortable with the prospect that packages from random people are committed without any review process. Quality is important. Thus I would like to see a group of people, people who have shown to have competence and commitment, to review packages before they are committed. This is a good way to hold up a minimum of quality, ensure that SUSE's packaging policies are followed, etc. I see quality here as more important than the number of rpms. People should also do some investigation to ensure that the packages are free of legal issues (at least as far as a non-lawyer can tell) and known security issues before the packages land on the servers. Packages with known security issues should not be committed at all until a patch is made (or maybe put into some separate repository with a big red warning).
Something else. The wiki page asks about how to integrate packman. Will this be possible at all? Packman contains packages which are illegal in a lot of countries. If this project wants to stay under the umbrella of openSUSE, such packages are surely out of this game (think of copy-protection circumvention, and unlicensed media codecs). Maybe it would be a good idea to have a single repository for this kind of package outside of the openSUSE project.
From the wiki: "Packages should be allowed from any source regardless of the packagers seniority or trust level." Are you serious? People should install random software on their systems? Trust is important here. If the first packages arrive which break user systems, delete their data, install backdoors, etc., openSUSE will suffer from it.
I too think everyone should be able to contribute packages, including people who have not yet much practice with rpm (I for example am just learning how to do them), etc. But those packages should be reviewed by more experienced and trusted people before they land in the repositories.
Cheers,
Andreas