Hi folks! I want to formally propose an idea that has been kicked around a bit informally lately: gating all stable release updates on the relatively new rmdepcheck reverse dependency static checker. This would include Fedora and EPEL updates.
rmdepcheck: https://forge.fedoraproject.org/quality/rmdepcheck rmdepcheck fails if the update under test, when compared against the current buildroot repository, contains unsatisfiable dependencies, or causes new unsatisfiable dependencies to appear in other packages. So if your update makes some other package uninstallable...that's a fail. This check has been running on all updates for some time now. We've dealt with various sources of false failures and I'm fairly confident it's pretty reliable by now. Gating all updates for stable releases on it would mean you could no longer ship updates with detectable dependency issues, unless you waive the failure - which implies explicitly taking responsibility for shipping a broken package, or breaking another package. I don't want to gate Rawhide or Branched on rmdepcheck yet, because sometimes it's kinda realistically necessary to bump an soname without being able to fix every single dependency, or something. But I think (or rather, Carl George pointed out - thanks, Carl) it's more reasonable for stable releases. After all, the update policy specifically says: "Updates should be carefully considered with respect to their dependencies. An update that required (or provided) a new Python ABI, for example, would almost certainly not be allowed. ABI changes in general are very strongly discouraged, they force larger update sets on users and they make life difficult for third-party packagers." EPEL has similar stability expectations. Implementing this is technically trivial (it just requires adding a new rule to the greenwave policy), but it's obviously a pretty significant change, so I thought I'd propose it here and on Discourse for discussion first. I don't think it's a good fit for the Change process. You can browse existing rmdepcheck results in resultsdb, if you want to look for false failures. Go to https://resultsdb.fedoraproject.org/results , click the Search button, set the 'testcase' to 'fedora-ci.koji-build.rmdepcheck.functional' and hit Go! That'll give you the last month of results. You can tweak the date range, and also search only for failed results, if you like. It's slightly awkward because currently results are reported per package, so testing an update with 500 packages in it produces 500 results that link back to the same execution. I do want to change it to report per update rather than per package, but I don't think that needs to be done before we start gating. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected] https://www.happyassassin.net -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
