Package Review Process

Author:  Tom 'spot' Callaway and others Revision: 0.06 Initial Draft: 2007-03-12 Last Revised: 2010-11-13

Review Purpose
In order for a new package to be added to Fedora, the package must first undertake a formal review. The purpose of this formal review is to try to ensure that the package meets the quality control requirements for Fedora. This does not mean that the package (or the software being packaged) is perfect, but it should meet baseline minimum requirements for quality.

Reviews are currently done for totally new packages, package renames, and packages merged from the old Fedora Core repository.

Review Process
There are two roles in the review process, that of the contributor and that of the reviewer. In this document, we'll present both perspectives.

Contributor
A Contributor is defined as someone who wants to submit (and maintain) a new package in Fedora. To become a contributor, you must follow the detailed instructions to Join the package collection maintainers.

As a Contributor, you should have already made a package which adheres to the Package Naming Guidelines  and  Packaging Guidelines. There are also some packages that cannot be included in Fedora, to check if your package applies, check if it contains any Forbidden items.

When you're happy with your spec file, you should then submit that SRPM to a package review. Currently, this is done by following these steps:

  Put your spec file and SRPM somewhere on the Internet.  Fill out a request for review in bugzilla. For guidance, a screenshot of a sample bugzilla request is available for review.  If you do not have any package already in Fedora, this means you need a sponsor and to add FE-NEEDSPONSOR to the bugs being blocked by your review request. For more information read the How to get sponsored into the packager group wiki page.  Wait for someone to review your package! At this point in the process, the fedora-review flag is blank, meaning that no reviewer is assigned.  There may be comments from people that are not formally reviewing the package, they may add NotReady to the Whiteboard field, indication that the review request is not yet ready, because of some issues they report. After you have addressed them, please post the URLs to the updated SPEC and SRPM file and remove it from the Whiteboard. It is expected that you will respond to commentary, including updating your submission to address it; if you do not, your ticket will be closed.  A reviewer takes on the task of reviewing your package. They will set the fedora-review flag to ?  The reviewer will review your package. You should fix any blockers that the reviewer identifies. Once the reviewer is happy with the package, the fedora-review flag will be set to +, indicating that the package has passed review.  At this point, you need to make an SCM admin request for your newly approved package.  When this is complete, you can import your package into the SCM.  Checkout the package using "fedpkg clone " do a final check of spec file tags, etc. <li> Request a build by running "fedpkg build". <li> Repeat the process for other branches you may have requested. <li> Request updates for Fedora release branches, if necessary, using "fedpkg update" or another Bodhi interface as detailed in Bodhi. <li> You should make sure the review ticket is closed. You are welcome to close it once the package has been built on the requested branches, or if you built for one of the Fedora release branches you can ask Bodhi to close the ticket for you when it completes the process. If you close the ticket yourself, use NEXTRELEASE as the resolution. </ol>

You do not need to go through the review process again for subsequent package changes.

Reviewer
The Reviewer is the person who chooses to review a package.

The Reviewer can be any Fedora account holder, who is a member of the packager group. There is one exception: If it is the first package of a Contributor, the Reviewer must be a Sponsor. You can check if a Contributor has already been sponsored by looking the e-mail address up in the packager group of the account system.

<ol> <li> Search for a review request that needs a reviewer: http://fedoraproject.org/PackageReviewStatus/ (fedora-review flag is blank or the bug is assigned to nobody@fedoraproject.org) <li> If you notice some issues that need to be solved before you want to start a formal review, add these issues in a comment and set the Whiteboard of the bug to contain NotReady. This helps other possible reviewers to notice that the review request is not yet ready for further review action. <li> if you want to formally review the package, set the fedora-review flag to ? and assign the bug to yourself.

<li> Review the package ... <ul> <li> Go through the MUST items listed in Review Guidelines. <li> Go through the SHOULD items in Review Guidelines. </ul> </li> <li> Include the text of your review in a comment in the ticket. For easy readability, simply use a regular comment instead of an attachment. <li> Take one of the following actions: <ul> <li> ACCEPT - If the package is good, set the fedora-review flag to +

<li> FAIL, LEGAL - If the package is legally risky for whatever reason (known patent or copyright infringement, trademark concerns) close the bug WONTFIX and leave an appropriate comment (i.e. we don't ship mp3, so stop submitting it). Set the fedora-review flag to -, and have the review ticket block FE-Legal. <li> FAIL, OTHER - If the package is just way off or unsuitable for some other reason, and there is no simple fix, then close the bug WONTFIX and leave an appropriate comment (i.e. we don't package pornography for redistribution, sorry. Or, this isn't a specfile, it's a McDonald's menu, sorry.) Set the fedora-review flag to -. <li> NEEDSWORK - Anything that isn't explicitly failed should be left open while the submitter and reviewer work together to fix any potential issues. Mark the bug as NEEDINFO while waiting for the reviewer to respond to improvement requests; this makes it easier for reviewers to find open reviews which require their input. </ul> <li> Once a package is flagged as fedora-review + (or -), the Reviewer's job is done although they may be called upon to assist the Contributor with the import/build/update process and to sure that the Contributor closes the ticket out when the process is complete. </ol>

Special blocker tickets
There are a few tickets which can be placed in the "Blocks" field to indicate specific ticket statuses:

The Whiteboard
To save time for reviewers, the page at http://fedoraproject.org/PackageReviewStatus/NEW.html will hide certain tickets which are not reviewable. The Whiteboard field can be used to mark a ticket with various additional bits of status which will cause it to be hidden or displayed differently.

Tracking of Package Requests

 * New Review Requests (Cached for faster access)
 * Packages Currently Under Review (Cached for faster access)
 * Packages Reviewed but not Closed