Re: Duplicate package was reviewed

[Michael Schwendt]

On Fri, 31 Jul 2020 12:48:44 +0200, Tomasz Torcz wrote:

>   What about bringing old, possibly unmaintained library into Fedora?
> It may contain unfixed security bugs.  Not that I know of any, but it's
> a possibility.

1) First it would need to pass the review process. Submitter _and_
reviewer both ought to notice that it is "old, possibly unmaintained"
software. In case of a lib, there's also the related question of "what
will use this lib?". Later it will be "what still uses this lib?" and
"are there alternatives or a successor?".

2) Once a package has been included in the package collection, "old,
possibly unmaintained" software is sort of a grey area. There are
thousands of packages in the collection, "possibly" with undiscovered
security issues. For those that are known to contain major vulnerabilities
and are unmaintained (like wxGTK2), it may be necessary to remove a
package from the collection.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Tomasz Torcz]

On Fri, Jul 31, 2020 at 12:01:53PM +0200, Michael Schwendt wrote:
> libqmatrixclient vs libquotient
> 
> Absolutely no conflict whatsoever. Different SONAME, different file/folder
> names, different package names, different project name. Even if they came
> from the same project, the old compat- naming scheme would not have applied.

  What about bringing old, possibly unmaintained library into Fedora?
It may contain unfixed security bugs.  Not that I know of any, but it's
a possibility.

-- 
Tomasz Torcz Morality must always be based on practicality.
to...@pipebreaker.pl — Baron Vladimir Harkonnen
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Michael Schwendt]

libqmatrixclient vs libquotient

Absolutely no conflict whatsoever. Different SONAME, different file/folder
names, different package names, different project name. Even if they came
from the same project, the old compat- naming scheme would not have applied.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Kevin Kofler]

Vitaly Zaitsev via devel wrote:
> Previously it wasn't allowed to push different versions of the same
> project into repositories. That's why Fedora Modularity was invented.

That is what the Modularity developers wanted you to believe. The fact is, 
parallel-installable compatibility libraries have always been allowed, and 
they are the best approach to this problem, because they allow applications 
using the old and new library to be installed on the same system at the same 
time (without workarounds such as chroots, containers, or even VMs), unlike 
the mutually exclusive module versions in the Modularity approach.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Dominik 'Rathann' Mierzejewski]

On Thursday, 30 July 2020 at 17:11, Vitaly Zaitsev via devel wrote:
> On 30.07.2020 10:03, Kevin Kofler wrote:
> > Independently of what the current packaging guidelines say about this 
> > (apparently, "compat-" is not even a thing anymore there, see Rathann's 
> > reply), it simply does not make sense to use any sort of prefixing or 
> > suffixing to the package name when the old and the new library have 
> > different package names (as in this case: libqmatrixclient vs. libquotient).
> 
> Previously it wasn't allowed to push different versions of the same
> project into repositories. That's why Fedora Modularity was invented.
> 
> I see the this is permitted now, sorry for the noise.

I'm not sure where you got the idea that it wasn't permitted. It always
was, you just had to ensure the packages didn't conflict. The only thing
that changed some time ago is that the compat- prefix is no longer
required.

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPM Fusion  http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Vitaly Zaitsev via devel]

On 30.07.2020 10:03, Kevin Kofler wrote:
> Independently of what the current packaging guidelines say about this 
> (apparently, "compat-" is not even a thing anymore there, see Rathann's 
> reply), it simply does not make sense to use any sort of prefixing or 
> suffixing to the package name when the old and the new library have 
> different package names (as in this case: libqmatrixclient vs. libquotient).

Previously it wasn't allowed to push different versions of the same
project into repositories. That's why Fedora Modularity was invented.

I see the this is permitted now, sorry for the noise.

-- 
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Kevin Kofler]

Vitaly Zaitsev via devel wrote:
> Libqmatrixclient is a very old version of libquotient. Compatibility
> packages should have compat- prefix.

Independently of what the current packaging guidelines say about this 
(apparently, "compat-" is not even a thing anymore there, see Rathann's 
reply), it simply does not make sense to use any sort of prefixing or 
suffixing to the package name when the old and the new library have 
different package names (as in this case: libqmatrixclient vs. libquotient).

If the actual sonames are conflicting, then that needs to be dealt with (but 
that would be an upstream issue then, they ought to use a different soname 
if the libraries are not binary-compatible!), but it does not require 
mangling the package name.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Dominik 'Rathann' Mierzejewski]

On Wednesday, 29 July 2020 at 20:06, Vitaly Zaitsev via devel wrote:
> On 29.07.2020 19:33, Brendan Early wrote:
> > Can you please explain what you mean by conflicts? They are in
> > completely different directories.
> 
> Libqmatrixclient is a very old version of libquotient. Compatibility
> packages should have compat- prefix.

Not anymore. Please point to the relevant Packaging Guidelines entry if
you think otherwise.

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPM Fusion  http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Brendan Early]

> > Can you please explain what you mean by conflicts? They are in
> > completely different directories. 
> Libqmatrixclient is a very old version of libquotient. Compatibility
> packages should have compat- prefix.

- That is not a conflict. I do not understand what is conflicting.
- Untagging is an inappropriate action to take.
- 0.5.x (libqmatrixclient) is not "very old", it has been receiving updates and 
0.6.x (libquotient) just had its first stable release last week.
- I agree that adding the compat suffix is best practice, but I do not believe 
that it applies in this situation. When I introduced libqmatrixclient it was 
still stable and libquotient was only a beta. The policy that requires this is 
called "Multiple packages with the same base name" which is not the case in 
this situation. The name "libqmatrixclient" is also already indicative of the 
package's version.

> Have you tried to build Git snapshots of Quaternion instead of regular
> releases at least for Rawhide?

Quaternion is under active development. I would prefer that a potentially 
broken version does not get branched.

> This is okay then. But it should be obsoleted by libquotient. Send me an
> email when you decide to do this.

That is what I meant by that.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Vitaly Zaitsev via devel]

On 29.07.2020 19:33, Brendan Early wrote:
> Can you please explain what you mean by conflicts? They are in
> completely different directories.

Libqmatrixclient is a very old version of libquotient. Compatibility
packages should have compat- prefix.

> I am unaware of any policy that does not allow this, quaternion (by the
> author of the library) has no release that can be built with libquotient
> yet.

Have you tried to build Git snapshots of Quaternion instead of regular
releases at least for Rawhide?

> I have been
> planing to obsolete libQMatrixClient in favor of libquotient as soon as
> quaternion has a version that can be built with libquotient.

This is okay then. But it should be obsoleted by libquotient. Send me an
email when you decide to do this.

-- 
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Brendan Early]

Vitaly,

Can you please explain what you mean by conflicts? They are in
completely different directories.

I am unaware of any policy that does not allow this, quaternion (by the
author of the library) has no release that can be built with libquotient
yet. Untagging libQMatrixClient will break quaternion, I have been
planing to obsolete libQMatrixClient in favor of libquotient as soon as
quaternion has a version that can be built with libquotient.

Regards,

Brendan Early
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Vitaly Zaitsev via devel]

On 29.07.2020 19:14, Kevin Fenzi wrote:
> What exactly are the conflicts? Can you Obsolete/Provides whatever in
> libquotient?

libqmatrixclient is a very old version of libquotient (before the
upstream decided to rename it). Both of them provides the same files
(except of library versions).

If someone still need it, it should have compat- prefix, I think.

-- 
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Duplicate package was reviewed

[Kevin Fenzi]

On Wed, Jul 29, 2020 at 06:41:57PM +0200, Vitaly Zaitsev via devel wrote:
> Hello all.
> 
> Duplicate package of libquotient - libqmatrixclient - was reviewed,
> accepted and pushed to stable repositories.
> 
> Not it cause conflicts.

I guess you meant "Now" there?

> 
> libqmatrixclient must be untagged and removed from all Fedora releases.

We don't remove things from stable releases normally.

What exactly are the conflicts? Can you Obsolete/Provides whatever in
libquotient?

kevin


signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Duplicate package was reviewed

[Vitaly Zaitsev via devel]

Hello all.

Duplicate package of libquotient - libqmatrixclient - was reviewed,
accepted and pushed to stable repositories.

Not it cause conflicts.

libqmatrixclient must be untagged and removed from all Fedora releases.

-- 
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org