On Sat, Jun 19, 2021 at 10:18:45PM +0200, Fabio Valentini wrote: > Hi everybody, > > With things like [0] (TL;DR: bots submitting broken builds to rawhide) > becoming a more regular occurrence, I propose that we extend the > existing Updates Policy [1] to make it explicit that bots are not > allowed to submit builds / updates - even to rawhide - unattended: > "Rawhide is not your CI environment." I agree with the goal of avoiding random snapshot packages in rawhide, but I disagree that banning bots is the way to achieve that. In this particular case, the problem is that the bot is either buggy or misconfigured or both. (I hope that the discussion in the other thread can clarify what went wrong.) A blanket ban for automated updates doesn't directly address the problem (because even a human could push the same broken snapshots to rawhide), and will constrain future development. [For example, let's say we make a bot that looks at the huge Python3.10 FTBFS/FTI dependency tree, watches bugzilla events, and automatically fires off a no-change rebuild of packages for which all depended-on have been closed. It would be forbidden by this policy, even though it wouldn't cause those kinds of problems we have now.] I think we should just disable this particular bot until it fixed. We should also clarify/update the Update Guidelines so that undesirable updates are disallowed, no matter if submitted by a bot or a human. > Currently, the Updates Policy states: > > - packagers must verify that no known broken builds are pushed, > - packagers must announce ABI and API changes once week in advance, > - packagers must not push pre-release versions of low-level packages. > > While it is debatable whether podman + friends + > container-stuff-dependencies count as "low-level" packages, they *are* > installed by default in Workstation. I think it is clear that by using > a bot to automatically push pre-release snapshots as rawhide updates, > the first two requirements CANNOT be met. First, I think podman fits the intent of this guideline, even if not the letter. Second, I think the guideline is simply wrong. As counterexamples, we currently have python3.10beta2 in rawhide, systemd-249-rc1, and kernel-5.13.0-0.rc6. Pushing pre-release vesions of low-level packages is a crucial part of development of the distro and collaboration with upstream projects and language ecosystems. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
