On 25/04/21 15:51, Bjørn Mork wrote:
Rosen Penev <[email protected]> writes:

Why was this sent here? dbus is in the packages feed.

Sorry, I assumed that was obvious.  I'll explain.

There is a continuous push to move packages from the OpenWrt core repo to
the "packages" repo. This would have been fine if both these repos could
be trusted.  Unfortunately, that is not the case.

That's why this is relevant to OpenWrt. The low standards of the
packages repo reflect back on OpenWrt.  I believe core needs to take
control over packages again, or something must be done to improve the
quality of the packages repo.


Nobody had "control" over most non-core packages before when they were in core repo, so nobody would review contributions that would bitrot and eventually get closed. That's why they get moved to packages repo.

I think the only way forward is improving quality/rules/integration tests or whatever in the package repo, "going back" would just mean the package will never get updated in years even if it has bugs because no core developer cares enough (or knows enough) to review and merge contributions.


When a package cannot even be installed, like the current example, then
how do we know what security issues other packages have? No testing and
no review is a recipe for disaster.  No one should use the packages repo
as is.

The bad or missing procedures add to this.  Why can anyone commit their
own code without any review?

To be fair, there is plenty of "commit their own code without any review" in core repo too. It's just that the developer is much more experienced and makes fewer mistakes. Maybe.

Why are squashed commits allowed?  One
commit, one change is a golden rule.  There's a reason for that.

IMHO, the problem with the packages repo is mostly about attitude. There
is no reason to skip run testing in the first place.  This buggy change
would never have been committed by any qualified developer.

I think the main problem is about rules and enforcement of them. Are there rules for the package repo? Are there "super users" that can enforce them, revert the commits just because it's not conformant to rules and scold anyone that is caught merging bad stuff?
Can someone lose commit access if he keeps ignoring rules?

In core repo (on GitHub mostly) I've seen Adrian Schmutzler do this a bit with the newer core developers. But it's a single person posting some comment every once in a while, and there are not a lot of "new core developers" all the time.

For packages feed it will have to require more people or at least more automation.


And you got a report 19 days ago that the package was uninstallable:
https://github.com/openwrt/packages/commit/0fb5d3ed2cb31a0a6076d36fb7a668cfe5328c92#commitcomment-49147445
The only logical thing to do would be an immediate revert.  But no, the
package is still broken.  Why?

So the question for OpenWrt core is: Do you really want to depend on the
packages repo?  Going down with it?

Depend on what? dbus and all other stuff in packages are not required by core to work.

If they are broken, the issue is only in the package repo, which is seen as "additional functionality", and thus less critical.

That's the way the packages repo has always been seen. It's not a "core repo" but a "community repo", similar to Ubuntu PPA repos, or Arch's AUR repos, or OpenSUSE's OBS repos. It's stuff maintained by third parties that shares the same build infrastructure, and as such it may or may not blow up in your face.

-Alberto



(As you know, dbus is not the first package you've left so broken that a
simple install was enough to find the bug.  I stumbled on
https://github.com/openwrt/packages/pull/14366 a while ago - I assume
there are plenty more)


Bjørn

_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

