On Fri, Feb 16, 2018 at 4:24 PM, Jason L Tibbitts III <tibbs@xxxxxxxxxxx> wrote: >>>>>> "NG" == Neal Gompa <ngompa13@xxxxxxxxx> writes: > > NG> As upstream for rpmlint, I do not believe anyone cares at all about > NG> rpmlint in Fedora. > > We seemingly care so little for it that the rpmlint status appears on > every bodhi update. > > I did spend some time trying to make rpmlint better ages ago and kind of > got blocked by the restriction that it (at the time) had to conform to > whatever RHEL4 wanted. But that was obviously a long time ago. > > NG> Until we can fail builds on rpmlint errors (as both Mageia and > NG> openSUSE do), it's pointless to consider rpmlint as something that > NG> ensures things stay clean and sane. > > If you can tolerate no false positives from rpmlint then there must be a > pile of things it doesn't look at. I always saw it as a useful advisory > tool but have difficulty imagining that you could gate off of it. > > What I did was hack my local setup (which does auto-rpmlint directly > within vim) to accept magic comments to tell it to stop complaining > about certain things. I recall suggesting that upstream a long time ago > but not having much luck. But again, we're talking over a decade here. > The problem with Bodhi is that it's too late. By that point the build has been submitted, it's gone through all the steps involved in submitting updates, and to make matters worse, *all* test results are now hidden from people by default. It took me a while to figure out where the test results had gone after the change occurred. I honestly thought we had given up on those things initially. I've always felt that some of those tests should be happening post-build, not post-update submission. Failing builds on "obviously bad" packages makes for a bigger incentive to improve packaging. As for toleration of false positives, that's more of a sign that we don't quite have a well-tuned configuration and maybe there are some checks in rpmlint itself that need to be tweaked. In both Mageia and openSUSE, we have rpmlint policy packages that define the checks, the "scores", and the threshold in which it is bad enough to make something be rejected. The reason for this is because we want to block packages that are "obviously wrong" from being accepted by the build system. It's really the only way to make people consider improving their packaging. Everyone has tried nicer ways, and it doesn't work. And in both Mageia and openSUSE's case, you can define <srcpkgname>.rpmlintrc files that are picked up by the build system to ignore issues that are obvious false positives. Yes, this could be abused, and perhaps we shouldn't do that. But if you want packaging to improve, you need a way for people to reliably determine what they're doing is "good" or "bad". Right now, we don't have that, and my personal feeling is that if I spend the effort in doing so, it would be wasted because it wouldn't result in any improvement. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx