It would be interesting to hear what others think the direction should
be. If you think "just pick a direction, I don't care which", stating
so wouldn't hurt either.
On Sun, 12 Jun 2005, Eric Rostetter wrote:
published after 2 weeks of timeout unless needswork/discuss or issues
are identified.
If we assume the person who created the package has done some QA before
submitting it for QA, then one vote could be seen as two, unless that
only vote is from the creator. I'm not sure why some/most package creators
don't submit QA feedback on their own packages, but maybe we can get
them to do so in the future?
Anyway, if the creator posts a QA, this would guarantee all packages get
released in 2 weeks. I like that everything gets out, but I think 2 weeks
is maybe too fast for only the creator doing QA (possibly on only one OS
version for a patch that covers multiple OS versions). See my concern
here?
I guess you could modify it as "1 VERIFY from someone other than the
package/patch creator" but...
Purely from the administrative perspective, IMHO, the package creator
must not give PUBLISH or VERIFY votes, though such can be implicit.
There is too much conflict of interest there, so recusing is IMHO the
only option.
2) 2 VERIFY votes are needed (for any version), after that packages
are published after 2 weeks of timeout unless needswork/discuss or
issues are identified.
I like this one, and could live with it. Even if the creator does a QA,
the creator must do multiple OS version QA, or we still need someone else
to do QA. This is much better than #1 because a creator can't force an
otherwise untested package out the door.
a) timeout is counted from the first VERIFY
b) timeout is counted from the second VERIFY
It seems to be logical it would have to be after the second, since there
could be more than 2 weeks between the first and second...
I'm OK with either approach, but I'd prefer a) with the interpretation
that the creator does not do formal QA (so if you'd always count that
as one, it would be equivalent to what you're thinking).
3) 2 VERIFY votes are needed (for any version), after that packages
are published after at most 4 weeks of timeout after the first verify,
but two weeks after the second, unless needswork/discuss or issues are
identified.
I think this is the very best. I'd also be able to settle for a modified
version:
1 verify vote (for any version) plus 4 weeks of no activity, or 2 verify
votes (for any version) and 2 weeks of no activity after the first
verify vote.
The above modification means everything is released (if the creator
does a QA) after at most 4 weeks...
As stated above, I don't think we should recommend (or even allow) the
package creator doing QA for his/her own packages. That's the other
people's job, and ensures the logical separation of functions.
Of course, we could assume that most package creators do test the
packages they create, and implicitly include that here (i.e., require
just one "external" verify vote to approve a package after a timeout).
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
