Hi folks!

I want to formally propose an idea that has been kicked around a bit
informally lately: gating all stable release updates on the relatively
new rmdepcheck reverse dependency static checker. This would include
Fedora and EPEL updates.

rmdepcheck: https://forge.fedoraproject.org/quality/rmdepcheck

rmdepcheck fails if the update under test, when compared against the
current buildroot repository, contains unsatisfiable dependencies, or
causes new unsatisfiable dependencies to appear in other packages. So
if your update makes some other package uninstallable...that's a fail.

This check has been running on all updates for some time now. We've
dealt with various sources of false failures and I'm fairly confident
it's pretty reliable by now.

Gating all updates for stable releases on it would mean you could no
longer ship updates with detectable dependency issues, unless you waive
the failure - which implies explicitly taking responsibility for
shipping a broken package, or breaking another package.

I don't want to gate Rawhide or Branched on rmdepcheck yet, because
sometimes it's kinda realistically necessary to bump an soname without
being able to fix every single dependency, or something. But I think
(or rather, Carl George pointed out - thanks, Carl) it's more
reasonable for stable releases. After all, the update policy
specifically says:

"Updates should be carefully considered with respect to their
dependencies. An update that required (or provided) a new Python ABI,
for example, would almost certainly not be allowed. ABI changes in
general are very strongly discouraged, they force larger update sets on
users and they make life difficult for third-party packagers."

EPEL has similar stability expectations.

Implementing this is technically trivial (it just requires adding a new
rule to the greenwave policy), but it's obviously a pretty significant
change, so I thought I'd propose it here and on Discourse for
discussion first. I don't think it's a good fit for the Change process.

You can browse existing rmdepcheck results in resultsdb, if you want to
look for false failures. Go to
https://resultsdb.fedoraproject.org/results , click the Search button,
set the 'testcase' to 'fedora-ci.koji-build.rmdepcheck.functional' and
hit Go! That'll give you the last month of results. You can tweak the
date range, and also search only for failed results, if you like. It's
slightly awkward because currently results are reported per package, so
testing an update with 500 packages in it produces 500 results that
link back to the same execution. I do want to change it to report per
update rather than per package, but I don't think that needs to be done
before we start gating.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected]
https://www.happyassassin.net



-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to