Rosen Penev <[email protected]> writes: > Why was this sent here? dbus is in the packages feed.
Sorry, I assumed that was obvious. I'll explain There is a continous push to move packages from the OpenWrt core repo to the "packages" repo. This would have been fine if both these repos could be trusted. Unfortunately, that is not the case. That's why this is relevant to OpenWrt. The low standards of the packages repo reflects back to OpenWrt. I believe core needs to take control over packages again, or something must be done to improve the quality of the packages repo. When a package cannot even be installed, like the current example, then how do we know what security issues other packages have? No testing and no review is a recipe for disaster. No one should use the packages repo as is. The bad or missing procedures adds to this. Why can anyone commit their own code without any review? Why are squashed commits allowed? One commit, one change is a golden rule. There's a reason for that. IMHO, the problem with the packages repo is mostly about attitude. There is no reason to skip run testing in the first place. This buggy change would never have been commited by any qualified developer. And you got a report 19 days ago that the package was uninstallable: https://github.com/openwrt/packages/commit/0fb5d3ed2cb31a0a6076d36fb7a668cfe5328c92#commitcomment-49147445 The only logical thing to do would be an immediate revert. But no, the package is still broken. Why? So the question for OpenWrt core is: Do you really want to depend on the packages repo? Going down with it? (As you know, dbus is not the first package you've left so broken that a simple install was enough to find the bug. I stumbled on https://github.com/openwrt/packages/pull/14366 a while ago - I assume there are plenty more) Bjørn _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
