[repo-coord] Packaging Process - PLEASE READ

Thu May 27 19:16:48 CEST 2004

Am Do, den 27.05.2004 schrieb Bent Terp um 9:07:
> On Fri, 2004-05-21 at 04:47, Rudolf Kastl wrote: 
> > 1. we need to specify checks for the source code. Means checking if the
> > source is alright or no in terms of malicously changed.
> 
> GPG sigs? MD5 checks? What else should I consider?

not every source download provides a gpg signed or md5 checked source.
we need a general solution for that. if not please dont replace system
internals or anything else that is properly checked... cause you never
know... remember when the bitchx site was hacked? remember when
themes.org was hacked? ....

> 
> > 2. before you even touch the source check if its already packaged.
> 
> Bien sûr, life is short.

so we rather break things and override ... if the work is already done
you safe time...

> 
> > 1. perl and sed should be avoided
> 
> Disagree. Again, life is short and a perl one-liner is much more
> resilient than a patch - e.g. " find . -name \*.h | xargs -i{} perl -pi
> -e 's[/usr/local][/usr]' {} " is more likely to survive a
> version-update. 

if you use perl or sed you read all files that affected each time... you
can do that and just diff a patch... its one command... send it upstream
and it can be fixed... everything else is butchering with alot bork
potential. especially if just blindly done on a new release.

> 
> > 2. buildmacros should all be defined on top of the spec.
> 
> I'll sort of buy that, assuming you mean "at the top of the spec".

> 
> > there can be exclusions when its not possible to
> > act otherwise in a special case. 
> 
> How kind of you ;-) I use /etc/macros on the buildboxes to keep track of
> which distro's installed - DAR and MACH are too difficult for me.
> 
i dont make the rules for you.. you can do what you want. if you dont
see the need in any way for anything i mentioned alright.

> > 3. other major distros should be checked
> 
> There's a lot of treasure to be found in suse contribs and mandrake
> cooker. But their weird macros give me loads of grey hair.

and that is really a problem for you? if you just look in their macro
definitions its no problem at all ;)...

> 
> > 1. building should always happen in a non root environment
> 
> This sentence uses the word "should" with the same strength as in an
> RFC: "should" = "absolutely always must". Which is why I haven't rebuild
> OpenPBS from the oscar.sf.net distribution, yet.

read the docs on rpm.org

> 
> > 3. it has to be verified that the rpm installs clean and runs fine
> > before its released.
> 
> And perl module authors should ensure that their modules test out okay
> before dumping them in CPAN! 

if we dont check we can just use the borked CPAN stuff... why package it
all then?

> 
> >  That includes basic functionality checking.
> 
> I try, and often fail ;-)
> 

lots of funny comments yet... anything productive?