On Sat, 2010-02-27 at 02:52 +0100, Kevin Kofler wrote: > Adam Jackson wrote: > > By my count, that's three misrepresentations in one paragraph. I > > certainly hope they were not deliberate. > > I'm not deliberately misrepresenting anything or anyone, I just stated my > perception of the facts. It may well be that I missed some details in the > hectic and chaotic discussion. But you did not state your perception of facts. You stated your perception _as_ fact. And as a result, you generated yet more chaotic discussion. Nice work. > > A more parsimonious explanation is that Matthew's simply been busy the > > last few days and hasn't gotten around to it yet. Again, this may or > > may not be true, but Occam's Razor suggests it's more likely. > > The problem is, when will it be ready? If it's ready on Tuesday afternoon > and the vote gets done on Tuesday evening, that's too short a notice to > gather appropriate feedback. If it's ready on Tuesday afternoon, what makes you think anyone's going to have time to read it thoroughly enough to be able to vote on it? Are you implying you're the only one on fesco that actually considers the proposal they're asked to vote on? > > You create package A. Someone else has created package B, with a > > triggerin script on A, unbeknownst to you, and you don't have B > > installed. Your testing of A will not reflect the experience of anyone > > with B installed. B's triggerin script might rm -rf /, for example. > > Uh, why do we even allow triggers without explicit FESCo approval (including > notification to the maintainers of the packages being triggered on)? They're > much more dangerous than linking a static library or bundling a library! No disagreement here. But that's sort of my point. Packaging is subtle, and putting controls in place to minimize disruption for consumers is a broadly positive thing. We should be monitoring for new scriptlets and reviewing suspicious ones. We should also not skip updates-testing just because we think we're not going to break anything. > > "Slipping through testing" is itself the problem. It means that testers > > aren't using testing! We should fix the technical and UX problems that > > make testing hard to consume. > > Even if you fix all the fixable problems, testing will still not be a silver > bullet! I didn't claim it would be. And I also don't see how that's relevant. I mean, your argument here is "it doesn't matter how good our infrastructure for testing fixes is, it'll still not catch everything; therefore we should allow people to bypass it if they want". By that argument, no prophylactic is 100% effective against diseases, therefore people should be free to not use them if they don't want to. You're positing A => B here. A might be true. B might be true. They might both be true! But it's not at all clear that A implies B. > > If I had a dollar for every obviously correct one-line fix that broke > > something, I could probably quit this software game. > > X11 is particularly dangerous for this kind of changes, given how low it is > in the software stack and how some code necessarily looks like (hardware > drivers in particular are always scary stuff). The average leaf package is > much less propice to breakage induced by minimal changes. While I understand the temptation to rank package importance and fragility by position in the dependency tree, remember that leaf packages are why people use the OS in the first place. No one runs Fedora just because they think coreutils is really neat. - ajax
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel