On Tue, 15 Jun 2004 04:05:15 +0200 (CEST), Dag Wieers wrote: > > I do not "judge them as bad". I see flaws in the development model (e.g. > > a single individual doesn't scale). And in particular, in the third > > paragraph in the message you've linked, I make clear that I don't condemn > > 3rd party packages wholesale. > > Well, the problem is that what you start from is wrong. These no longer > are individual projects and to some degree never were. Don't try to change history. ;) > I'm not doing the QA myself. > You may have noticed that I include packages made by 4 different people, > as I mentioned before and as was cleverly cut away in your reply, I only > have to look at all the changes made by others, build the packages and > sign them. These are [quite] recent changes due to the "repo merge", where you exchange rpms with eachother and define an "authoritative packager". So e.g. you include a package from Matthias Saou in your repository and he includes one of yours in his repository. It's a first step towards distributing load (although you still rebuild the packages). Where does such package development take place? Where is the lifetime of a contributed new package documented other than in the post-release spec changelog? Is it done via private communication? Or is it possible for observers to monitor such package development prior to release? > In the same sense your point is that Linus doesn't scale either. Exactly. Hence in the past he has had specific requirements on how to submit incremental patches. If he were the only one forever to review and approve the changes applied to the kernel by hundreds of _untrusted_ contributors, that would be beyond his time. > > > > A single individual packaging hundreds of > > > > packages and releasing new packages (upgrades of packages in Fedora Core > > > > even!) without an open QA/Testing process. > > > > > > *You* do not have to use a repository if it replaces or upgrades > > > packages from Fedora Core. > > > > Still I'm free to advocate repositories which do not fork Fedora Core > > development and hence protect newbies from running into trouble. > > "Fork Fedora Core development" ? > "Protect newbies from running into trouble" ? > > In the previous paragrph you stated you don't judge these 3rd repositories > as bad. (scroll up) > > QED It's getting close to splitting hairs. If every kind of criticism is considered as judging something as "bad", so be it. Once more, I don't condemn 3rd party packages and 3rd party repositories wholesale, but I criticize general development models, non-open procedures, in particular that the bugzilla tracker is not advertized and bug reports are accepted via private mail. Let me see what you tried to prove above as I don't know what "these 3rd repositories" refer to (sometimes you refer to yours, sometimes to others). I see, you agree that updating Fedora Core with unofficial [3rd party] packages bears a risk. And in your opinion, risks are not just dangerous but inherently "bad". Or do the repositories you refer to cause trouble actually? If so, that is bad indeed, because trouble _is_ bad and should be avoided (unless users are warned). In general, unofficial Fedora Core updates can also be beneficial, e.g. for a repository which fits into the "Fedora Alternatives" classification. Or provided that bug-fix updates are reasonable and well-tested. Preferably however, official bug-fix updates for Fedora Core are prepared and tested, in particular if any extra packages need them. Generally, I see risks in upgrading packages in Fedora Core with unofficial packages. Similarly, I see risks in mixing repositories which upgrade eachother and don't adhere to the same packaging guidelines. Especially inexperienced users should avoid risks, as risks can be dangerous. I've seen users of 3rd party repositories, who upgraded Fedora Core packages and literally moved from leading edge towards bleeding edge, have various problems. That does not imply that those 3rd party repos are "bad". They may work for other users. It's not me who defines the target group of a repository. It's the users who choose themselves. *If* they choose themselves instead of asking for recommendations. If they ask for advise, I recommend the road of least surprise and the open development model. Don't put words into my mouth. Don't pick up rumours or believe any malicious gossip in private mails.