On Fri, 12 Dec 2008 09:25:19 -0700, Orion wrote: > Another update issue that raises some questions - > > - Does anyone actually read the comments in bodhi before allowing the > push request to proceed? Interesting issue, but it's not the first time this has happened. So, to sum up: * Some package maintainers insist on receiving problem reports for updates in bugzilla. In general, there's no guarantee, however, the bz ticket will be seen early enough to prevent a bad test-update from being pushed to stable. So, additional negative karma in bodhi seems to be the way to go. * Some people suggest that one has to enter bz ticket numbers in bodhi before becoming able to give negative karma. (I think that would be a waste of time for lots of cases) * Some package maintainers do notice negative karma in bodhi, but they choose to ignore it in cases where they think an issue is not worse enough. Even if it causes regression for some users, they mark an update as stable, because they expect it to fix other issues. * Communication problems between maintainers with regard to inter-package dependencies. Maintainer "A" asks maintainer "B" about a needed update of another package. "B" tells "A" which newer version is supposed to be sufficient. "A" then proceeds in bodhi without making sure that the needed update from "B" is released or that both updates will be pushed _at once_. Unclear here: The change in bodhi which requires that both maintainers have pkg cvs devel commit access for the relevant pkgs in order to submit update requests for them. Else bodhi's group updates would be the way to fix this and push rpcbind together with selinux-policy-targeted in a single set. > - Should update submitters be allowed to give positive karma to their > updates? Seems like that they are too biased. Agreed. Some spend positive karma on mass-updates without even having installed their packages on all dists. For example, some broken deps make it impossible to install a package with rpm/yum/... and require the --nodeps option. > - Is there any requirement that an update have positive karma before > being pushed to stable? No, not at all. That's a fault IMO. Many more updates ought to rely on the automatic pushing based on the minimum positive karma threshold. If package maintainers (and sufficiently privileged staff) retained the power to push an update despite its karma level, but only with a good rationale, the act of sabotage would become impossible and less attractive. (read: hostile users could not block an update from being pushed) > As of now, rpcbind will fail to start on F-9 with selinux in enforcing > mode (esp. important on servers!) until > selinux-policy-targeted-3.3.1-115.fc9 is pushed to stable. Seems like > we could have waited for that. I've thought "group updates" are supposed to fix that. Those are updates for multiple package at once. If one of the set/group of pkgs is bad and leads to too much negative karma while in updates-testing, the entire set of pkgs will be pulled. > We really need to work on this updates system. See Luke Macken's recent blog entry about some bodhi metrics. Several available features would be helpful *if* they were used more, instead of listening to fan-boys and early +1 voters (who even vote on pkgs downloaded from koji). -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
