Mailinglist Archive: opensuse-project (245 mails)

Re: [opensuse-project] Build Service trust/rating system
  • From: Will Stephenson <wstephenson@xxxxxxx>
  • Date: Mon, 4 Feb 2008 11:53:41 +0100
  • Message-id: <200802041153.41638.wstephenson@xxxxxxx>
On Tuesday 29 January 2008, Dr. Peter Poeml said:
> On Tue, Jan 29, 2008 at 03:12:49PM +0100, Rupert Horstkötter wrote:
> > I want to raise your attention on a project I'm currently working on
> > with Adrian: the implementation of a trust/rating system for the OBS.
> > We'd appreciate if everyone interested could communicate his
> > opinions/thoughts/impressions on this. We are very interested to get
> > some input from the whole openSUSE community.
> > Adrian has already posted a wiki entry which gives further information
> > on the subject here...
> > http://en.opensuse.org/Build_Service/Concepts/Trust Feel free to comment
> > on this - input is highly appreciated!
>
> I read the proposal and I like it. It seems reasonable and doable.
> I appreciate the decision to offer different ways of how trust can be
> "earned". I'm not sure if that can be molded into a single number,
> however I would be happy with several separate "channels" of trust, if
> you know what I mean.

Agreed, since trust is advisory, one's assessment of trust would be helped by
having some discrete information on a packager eg:

Joe Packager
  Individual assertions of trustworthiness
    [x] signed guiding principles
    [x] signed maintenance agreement
    [x] assured identity
  Trust Testimonials from others
    [x] Novell employee
    trusted by Jane Packager (trust: 40)
    trusted by Jim Packager (trust: 10)
    trusted by Johnny Packager (trust: 1)
  Statistics
    Time in project: 3 years 1 month
    Packages maintained: 12
    Mean package update latency: 10.3 days [*]
    Bugs/package: 1.7 [**]
    Mean Rpmlint warning score: 20

I guess you could come up with some kind of weighting for each of these values
to come up with an overall trust metric. My question is, how would this
trust metric be used? Is it shown to the user upon adding a repo along with
a scale explaining eg "Trust 100 - 80: Highly trusted. These packages are
believed to be of high quality, follow openSUSE packaging guidelines well and
are kept up to date, ..."? I guess the trust scoring system is influenced by
cacert.org - can someone actively involved there explain the rest of their
mechanism?

[*] could be computed by logging release dates from Marcus' release scraper
scripts and comparing those to the dates packages were updated
[**] fairly arbitrary unless there were a way to distinguish packaging bugs on
a package.

Will
--
Desktop Engineer
KDE Team