Package Review Process

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
m (Reviewer)
(fix some links, remove some redundancy, fix some wiki syntax)
Line 1: Line 1:
 
<!-- page was renamed from HowToReviewPackages
 
<!-- page was renamed from HowToReviewPackages
 
-->
 
-->
'''Author:''' [[TomCallaway|  Tom 'spot' Callaway]] <BR>
+
'''Author:''' [[TomCallaway|  Tom 'spot' Callaway]] and others<BR>
'''Revision:''' 0.04<BR>
+
'''Revision:''' 0.05<BR>
'''Initial Draft:''' Monday Mar 12, 2007<BR>
+
'''Initial Draft:''' 2007-03-12<BR>
'''Last Revised:''' Wed, Aug 13, 2008<BR>
+
'''Last Revised:''' 2009-09-16<BR>
 
+
 
+
  
  
Line 12: Line 10:
 
== Review Purpose ==
 
== Review Purpose ==
  
In order for a new package to be accepted into CVS, that package must first undertake a formal review. The purpose of this formal review is to try to ensure that the package meets the quality control requirements for Fedora. This does not mean that the package (or the software being packaged) is perfect, but it should meet baseline minimum requirements for quality.
+
In order for a new package to be added to Fedora, the package must first undertake a formal review. The purpose of this formal review is to try to ensure that the package meets the quality control requirements for Fedora. This does not mean that the package (or the software being packaged) is perfect, but it should meet baseline minimum requirements for quality.
  
 
{{Anchor|ReviewPurpose}}
 
{{Anchor|ReviewPurpose}}
Line 21: Line 19:
 
=== Contributor ===
 
=== Contributor ===
  
A Contributor is defined as someone who wants to submit (and maintain) a package in Fedora.  To become a contributor, you must follow the detailed instructions to [[Join the package collection maintainers]].
+
A Contributor is defined as someone who wants to submit (and maintain) a new package in Fedora.  To become a contributor, you must follow the detailed instructions to [[Join the package collection maintainers]].
  
As a Contributor, you should have already made a package which adheres to the [[Packaging/NamingGuidelines| Package Naming Guidelines]]  and [[Packaging/Guidelines| Packaging Guidelines]] . You should also be aware of ForbiddenItems.
+
As a Contributor, you should have already made a package which adheres to the [[Packaging/NamingGuidelines| Package Naming Guidelines]]  and [[Packaging/Guidelines| Packaging Guidelines]]. There are also some packages that cannot be included in Fedora, to check if your package applies, check if it contains any [[Forbidden items]].
  
 
When you're happy with your spec file, you should then submit that SRPM to a package review.
 
When you're happy with your spec file, you should then submit that SRPM to a package review.
 
Currently, this is done by following these steps:
 
Currently, this is done by following these steps:
  
# Put your spec file and SRPM somewhere on the Internet.<BR>
+
# Put your spec file and SRPM somewhere on the Internet.
# Fill out a request for review in bugzilla. The form is here: https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&format=extras-review
+
# Fill out a request for review in bugzilla. The form is here: [https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&format=extras-review]. Here is what a sample bugzilla request for review looks like: [[Image:PackageReviewProcess_review.png]]
Here is what a sample bugzilla request for review looks like:
+
# Wait for someone to review your package! At this point in the process, the '''fedora-review flag''' is blank, meaning that no reviewer is assigned.
 
+
# A reviewer takes on the task of reviewing your package. They will set the '''fedora-review flag''' to '''?'''
<!--http://people.redhat.com/tcallawa/sample-review-small.png
+
# The reviewer will review your package. You should fix any blockers that the reviewer identifies. Once the reviewer is happy with the package, the '''fedora-review''' flag will be set to '''+''', indicating that the package has passed review.
-->
+
# At this point, you need to request CVS branches for your newly approved package with [[CVS admin requests]]
[[Image:PackageReviewProcess_review.png]]
+
# When the [[CVS admin requests]] are complete, you can import your package into CVS.
 
+
# Cvs checkout the package, do a final check of spec file tags, etc, and run "make tag".
# Wait for someone to review your package! At this point in the process, the '''fedora-review flag''' is blank, meaning that no reviewer is assigned.<BR>
+
# Request a build by running "make build".
# A reviewer takes on the task of reviewing your package. They will set the '''fedora-review flag''' to '''?'''<BR>
+
# The reviewer will review your package. You should fix any blockers that the reviewer identifies. Once the reviewer is happy with the package, they will set the '''fedora-review''' flag to '''+''', indicating that the package has passed review. <BR>
+
# At this point, you can request CVS branches for your newly approved package with [[CVS admin requests]] <BR>
+
# When the [[CVS admin requests]] are complete, you can import your package into CVS.<BR>
+
# Cvs checkout the package, do a final check of spec file tags, etc, and run "make tag".<BR>
+
# Request a build by running "make build".<BR>
+
 
# Repeat the process for other branches you may have requested.
 
# Repeat the process for other branches you may have requested.
 
# Request updates for Fedora release branches, if necessary, using "make build" or another Bodhi interface as detailed in [[Bodhi Guide]].
 
# Request updates for Fedora release branches, if necessary, using "make build" or another Bodhi interface as detailed in [[Bodhi Guide]].
Line 51: Line 43:
 
=== Reviewer ===
 
=== Reviewer ===
  
A Reviewer is defined as the person who chooses to review a package. For the sake of clarity, one person takes ownership of the review. '''Other people are encouraged to comment on the review as well, either in the bug or on the mailing list.'''  The primary Reviewer can be any Fedora account holder but they must be a member of the '''packager''' group in order to actually approve the package.  If the Contributor is not sponsored, the review must be done by a Sponsor. You can check if a Contributor has already been sponsored by looking in the [https://admin.fedoraproject.org/accounts/group/members/packager packager group of the account system].
+
The Reviewer is the person who chooses to review a package.
  
As a Reviewer, your job is to review the packages submitted in bugzilla request for reviews. You can see all the packages that need a reviewer by going here: <BR>
+
{{admon/note|Comments by other people|
 +
Other people are encouraged to comment on the review request as well. Especially people searching for sponsorship should comment other review requests to show, that they know the [[Packaging:Guidelines|Packaging Guidelines]].
 +
}}
 +
 
 +
The Reviewer can be any Fedora account holder, who is a member of the [https://admin.fedoraproject.org/accounts/group/members/packager/* packager group]. There is one exception: If it is the first package of a Contributor, the Reviewer must be a [https://admin.fedoraproject.org/accounts/group/members/packager/*/sponsor Sponsor]. You can check if a Contributor has already been sponsored by looking the e-mail address up in the [https://admin.fedoraproject.org/accounts/group/members/packager/* packager group of the account system].
 +
 
 +
The job of the Reviewer is to review the packages submitted in bugzilla request for reviews. You can see all the packages that need a reviewer by going here: <BR>
 
[[PackageMaintainers/ReviewRequests | PackageMaintainers/UnassignedReviewRequests]]
 
[[PackageMaintainers/ReviewRequests | PackageMaintainers/UnassignedReviewRequests]]
  
Line 61: Line 59:
 
# Assign the bug to yourself.  '''The ticket should stay assigned to you from now on, unless you leave the review for some reason.'''<BR>
 
# Assign the bug to yourself.  '''The ticket should stay assigned to you from now on, unless you leave the review for some reason.'''<BR>
 
# Review the package.
 
# Review the package.
* Go through the MUST items listed in [[Packaging/ReviewGuidelines| Review Guidelines]] .
+
#* Go through the MUST items listed in [[Packaging:ReviewGuidelines| Review Guidelines]] .
* It also doesn't hurt to go through the SHOULD items in [[Packaging/ReviewGuidelines| Review Guidelines]] .
+
#* Go through the SHOULD items in [[Packaging:ReviewGuidelines| Review Guidelines]] .
 
# Take one of the following actions:
 
# Take one of the following actions:
* ACCEPT: If the package is good, set the '''fedora-review''' flag to '''+''' <BR>
+
#* ACCEPT: If the package is good, set the '''fedora-review''' flag to '''+''' <BR>
* If the Reviewer is also acting as Sponsor for the Contributor, then this is the time to sponsor the Contributor in the [https://admin.fedoraproject.org/accounts/ account system] .
+
#*# If the Reviewer is also acting as Sponsor for the Contributor, then this is the time to sponsor the Contributor in the [https://admin.fedoraproject.org/accounts/ account system] .
* FAIL, LEGAL: If the package is legally risky for whatever reason (known patent or copyright infringement, trademark concerns) close the bug WONTFIX and leave an appropriate comment (i.e. we don't ship mp3, so stop submitting it). Set the '''fedora-review''' flag to '''-''', and have the review ticket block FE-Legal.
+
#* FAIL, LEGAL: If the package is legally risky for whatever reason (known patent or copyright infringement, trademark concerns) close the bug WONTFIX and leave an appropriate comment (i.e. we don't ship mp3, so stop submitting it). Set the '''fedora-review''' flag to '''-''', and have the review ticket block FE-Legal.
* FAIL, OTHER: If the package is just way off or unsuitable for some other reason, and there is no simple fix, then close the bug WONTFIX and leave an appropriate comment (i.e. we don't package pornography for redistribution, sorry. Or, this isn't a specfile, it's a McDonald's menu, sorry.) Set the '''fedora-review''' flag to '''-'''.
+
#* FAIL, OTHER: If the package is just way off or unsuitable for some other reason, and there is no simple fix, then close the bug WONTFIX and leave an appropriate comment (i.e. we don't package pornography for redistribution, sorry. Or, this isn't a specfile, it's a McDonald's menu, sorry.) Set the '''fedora-review''' flag to '''-'''.
* NEEDSWORK: Anything that isn't explicitly failed should be left open while the submitter and reviewer work together to fix any potential issues. Mark the bug as NEEDINFO while waiting for the reviewer to respond to improvement requests; this makes it easier for reviewers to find open reviews which require their input.
+
#* NEEDSWORK: Anything that isn't explicitly failed should be left open while the submitter and reviewer work together to fix any potential issues. Mark the bug as NEEDINFO while waiting for the reviewer to respond to improvement requests; this makes it easier for reviewers to find open reviews which require their input.
 
# Once a package is flagged as '''fedora-review +''' (or '''-'''), the Reviewer's job is done although they may be called upon to assist the Contributor with the import/build/update process and to sure that the Contributor closes the ticket out when the process is complete.
 
# Once a package is flagged as '''fedora-review +''' (or '''-'''), the Reviewer's job is done although they may be called upon to assist the Contributor with the import/build/update process and to sure that the Contributor closes the ticket out when the process is complete.
 
== Things To Check On Review ==
 
The Fedora Packaging Committee provides a list of things that MUST and SHOULD be checked on review. This list can be found here: [[Packaging/ReviewGuidelines| Review Guidelines]]
 
  
 
== Definitions for fedora-review Flag Settings ==
 
== Definitions for fedora-review Flag Settings ==

Revision as of 19:29, 16 September 2009

Author: Tom 'spot' Callaway and others
Revision: 0.05
Initial Draft: 2007-03-12
Last Revised: 2009-09-16


Contents

Review Purpose

In order for a new package to be added to Fedora, the package must first undertake a formal review. The purpose of this formal review is to try to ensure that the package meets the quality control requirements for Fedora. This does not mean that the package (or the software being packaged) is perfect, but it should meet baseline minimum requirements for quality.

Review Process

There are two roles in the review process, that of the contributor and that of the reviewer. In this document, we'll present both perspectives.

Contributor

A Contributor is defined as someone who wants to submit (and maintain) a new package in Fedora. To become a contributor, you must follow the detailed instructions to Join the package collection maintainers.

As a Contributor, you should have already made a package which adheres to the Package Naming Guidelines and Packaging Guidelines. There are also some packages that cannot be included in Fedora, to check if your package applies, check if it contains any Forbidden items.

When you're happy with your spec file, you should then submit that SRPM to a package review. Currently, this is done by following these steps:

  1. Put your spec file and SRPM somewhere on the Internet.
  2. Fill out a request for review in bugzilla. The form is here: [1]. Here is what a sample bugzilla request for review looks like: PackageReviewProcess review.png
  3. Wait for someone to review your package! At this point in the process, the fedora-review flag is blank, meaning that no reviewer is assigned.
  4. A reviewer takes on the task of reviewing your package. They will set the fedora-review flag to ?
  5. The reviewer will review your package. You should fix any blockers that the reviewer identifies. Once the reviewer is happy with the package, the fedora-review flag will be set to +, indicating that the package has passed review.
  6. At this point, you need to request CVS branches for your newly approved package with CVS admin requests
  7. When the CVS admin requests are complete, you can import your package into CVS.
  8. Cvs checkout the package, do a final check of spec file tags, etc, and run "make tag".
  9. Request a build by running "make build".
  10. Repeat the process for other branches you may have requested.
  11. Request updates for Fedora release branches, if necessary, using "make build" or another Bodhi interface as detailed in Bodhi Guide.
  12. You should make sure the review ticket is closed. You are welcome to close it once the package has been built on the requested branches, or if you built for one of the Fedora release branches you can ask Bodhi to close the ticket for you when it completes the process. If you close the ticket yourself, use NEXTRELEASE as the resolution.

You do not need to go through the review process again for subsequent package changes.

Reviewer

The Reviewer is the person who chooses to review a package.

Note.png
Comments by other people
Other people are encouraged to comment on the review request as well. Especially people searching for sponsorship should comment other review requests to show, that they know the Packaging Guidelines.

The Reviewer can be any Fedora account holder, who is a member of the packager group. There is one exception: If it is the first package of a Contributor, the Reviewer must be a Sponsor. You can check if a Contributor has already been sponsored by looking the e-mail address up in the packager group of the account system.

The job of the Reviewer is to review the packages submitted in bugzilla request for reviews. You can see all the packages that need a reviewer by going here:
PackageMaintainers/UnassignedReviewRequests

So, starting with a new review request (fedora-review flag is blank):

  1. Set the fedora-review flag to ?
  2. Assign the bug to yourself. The ticket should stay assigned to you from now on, unless you leave the review for some reason.
  3. Review the package.
  4. Take one of the following actions:
    • ACCEPT: If the package is good, set the fedora-review flag to +
      1. If the Reviewer is also acting as Sponsor for the Contributor, then this is the time to sponsor the Contributor in the account system .
    • FAIL, LEGAL: If the package is legally risky for whatever reason (known patent or copyright infringement, trademark concerns) close the bug WONTFIX and leave an appropriate comment (i.e. we don't ship mp3, so stop submitting it). Set the fedora-review flag to -, and have the review ticket block FE-Legal.
    • FAIL, OTHER: If the package is just way off or unsuitable for some other reason, and there is no simple fix, then close the bug WONTFIX and leave an appropriate comment (i.e. we don't package pornography for redistribution, sorry. Or, this isn't a specfile, it's a McDonald's menu, sorry.) Set the fedora-review flag to -.
    • NEEDSWORK: Anything that isn't explicitly failed should be left open while the submitter and reviewer work together to fix any potential issues. Mark the bug as NEEDINFO while waiting for the reviewer to respond to improvement requests; this makes it easier for reviewers to find open reviews which require their input.
  5. Once a package is flagged as fedora-review + (or -), the Reviewer's job is done although they may be called upon to assist the Contributor with the import/build/update process and to sure that the Contributor closes the ticket out when the process is complete.

Definitions for fedora-review Flag Settings

fedora-review (BLANK) Package Needs Review
fedora-review ? Package Under Review
fedora-review - Package Failed Review, dropped for legal or other issues.
fedora-review + Package Approved

Tracking of Package Requests