On Thu, 16 Sep 2004 15:12:46 -0600, Rodolfo J. Paiz wrote:

> > A qcad RPM package is waiting here for reviews:
> > https://bugzilla.fedora.us/show_bug.cgi?id=848
> >
>
> What does "waiting here for reviews" mean? I found a src.rpm file
> referenced, and will attempt to rebuild on my FC2 box. However, how do I
> (as a user, not a coder) help to review this?

New package submissions at fedora.us need GPG signed approvals before they would be passed on to the build server by a release manager and be put in a publicly accessible repository. Most important would be that a package rebuilds from src.rpm, installs, works, and uninstalls again without errors and is built from non-trojaned upstream sources (when in doubt and the upstream developers are trusted as not releasing malicious software themselves, they can be asked to confirm tarball checksums, too, or provide detached signatures somewhere). Unclean packaging or uncaught minor mistakes could be fixed with an update after release (and there's still the "testing" repository, too, where a package could be released for the first time for the community to hammer on it).

http://www.fedora.us/wiki/PackageSubmissionQAPolicy#review

The current QA documentation mostly consists of technical low-level things in order to avoid common packaging mistakes, some of which could break the repository, too, or make a package fail to build. The packagers themselves ought to read that documentation and adjust their packages accordingly prior to submitting a package request. Usually, reviewers add their proof-reading or suggestions, though. Where help is appreciated, it should also be possible to get someone in the know of RPM packaging to take a look at the technical side of the package in addition to a run-time based review from somebody else.

With the current QA system in bugzilla, after a first GPG signed approval of a package request, the REVIEWED keyword can be set at the top of a ticket to indicate that somebody has processed this request and approved the package. That makes it easier for other reviewers to join active package requests and contribute approvals or complementary reviews.

And finally, some packagers provide binary packages in addition to the src.rpm, so for pure run-time based reviews, it would not be necessary to rebuild any packages from src.rpm.

[However, everyone should be able to run "rpmbuild --rebuild filename.src.rpm" after installing the fedora-rpmdevtools package.]

-- 
Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
loadavg: 0.00 0.00 0.07
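
The tarball checksum comparison mentioned in the message above, as an added example that is not part of the original post or of the fedora.us tooling: it compares every source archive unpacked from a src.rpm against a copy the reviewer fetched from upstream. The function names, the two-directory layout and the choice of SHA-256 are assumptions made for this example.

```shell
#!/bin/sh
# Added example; names and directory layout are hypothetical.
# Unpack the src.rpm into a scratch directory first, e.g.:
#   mkdir srpm && cd srpm && rpm2cpio ../filename.src.rpm | cpio -idm
# and place independently downloaded upstream archives in a second directory.

# Print only the SHA-256 digest of one file.
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# compare_sources SRPM_DIR UPSTREAM_DIR
# Prints one line per archive found in SRPM_DIR: MATCH, MISMATCH or MISSING.
# Returns 0 if every archive matched, 1 on any mismatch or missing
# reference copy, 2 if SRPM_DIR contained no source archives at all.
compare_sources() {
    srpm_dir=$1
    upstream_dir=$2
    result=0
    seen=0
    for f in "$srpm_dir"/*.tar.gz "$srpm_dir"/*.tar.bz2 "$srpm_dir"/*.tgz; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal
        seen=1
        name=$(basename "$f")
        ref="$upstream_dir/$name"
        if [ ! -f "$ref" ]; then
            # No reference copy: the archive cannot be vouched for.
            echo "MISSING  $name"
            result=1
        elif [ "$(digest "$f")" = "$(digest "$ref")" ]; then
            echo "MATCH    $name"
        else
            echo "MISMATCH $name"
            result=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO-SOURCES $srpm_dir"
        return 2
    fi
    return $result
}
```

A MATCH only shows that the packaged archive equals the copy the reviewer fetched, so that copy should come from upstream directly rather than from the packager.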