On Thu, 22 Jul 2004 17:46:08 -0400, Michael Tiemann wrote: > Michael: But perhaps I did understand the diagram--in that I observed > that it didn't attempt to cover new package submission. Thus, I've > attempted to enhance the diagram so that it /can/ cover that topic > (which is frequently discussed) as well. So my effort is complementary > to Ville's, not conflicting. Could also be that I misunderstand your changes in the diagram. ;o) Changed policies with regard to submission of new packages have been discussed already internally with quite different results. Actual policy updates pending. One of fedora.us' deficiences is that every new (!) package submitted by a non-trusted person (or even a trusted one) needs a massive amount of QA work (in particular security related checks!) before it could be approved, built and published. The goal of internal discussions was to make it easier for package maintainers to submit and publish new packages into an "unstable" or "development" repository after considerably less QA (because very often no one other than the packager is willing to review a package) and with the help of old packages which exist in other big and reputable Linux distributions already, e.g. Debian GNU/Linux, SuSE Linux or Mandrake Linux. In particular, source tarball checksums taken from such distributions could be relied on. Trusted submission without QA (in the diagram there's an arrow from Meta-Fedora BZ to PUBLISH) is not a good idea unless such packages would go into a "development" repository only. Further, I don't understand the role of what is referred to as "Well-Known 3rd Party Repos" and whether/why/when a package would be classified as "Well-known RPM". IMO a package is not well-known unless its complete life-cycle including bug reports and reviews is documented well in an open manner.
