On Dec 2, 2007 3:53 PM, Eric Belanger <belanger@astro.umontreal.ca> wrote:
On Sun, 2 Dec 2007, Travis Willard wrote:
On Dec 2, 2007 4:30 PM, Eric Belanger <belanger@astro.umontreal.ca> wrote:
On Sun, 2 Dec 2007, Travis Willard wrote:
That's not the way signoffs work. You CAN'T just 'assume' they are fine. You have to wait. Sorry, but it breaks the whole system otherwise.
Actually, these packages were already signed off by two devs: Dan for i686 and me for x86_64. From an IRC discussion with Aaron, the devs who put the packages in testing counts as one of the two signoff. That might seem strange but it's the way it works unless the signoffs gets a better definition.
That doesn't seem sound to me. Recall the problem when the kernel package that was uploaded had something screwy in it due to a bad transfer. Under this situation, tpowa would have 'signed off' his own upload, whoever built it for x86_64 would have signed it off for their own upload, and then the buggy package i686 would have been pushed to core.
If that's how we want our signoffs, then that's fine - I'm just pointing out a possible flaw.
I agree that the packager shouldn't count as a signoff. That how I undertood it before the little discussion in IRC.
IMO, the way signoff should be done to prevent any potential screw up is that 2 devs other than the packagers should signoff and that each architecture should at least be signed off once.
So as to not clutter up Dan's thread, can we move this talk here? To clarify. My intention was "at least 2 devs are responsible for the package" - the statement DOES include the original packager, however, let me point out that each cvs commit has 2 packages. I guess I assumed the statement was clear when it really wasn't. So let me clarify: Bill uploads package a-i686. Bill, in the act of uploading it, says "well this works for me". It's an implicit signoff and the way we have always worked - the act of uploading a package is an implicit agreement that it is in working order. No one tests a package, says "wow this is broken" and uploads it. Now, when John signs off for i686, that's two people who have said "hey this is working". However, a-x86_64 has not been signed off for. In fact, bill never uploaded that package so couldn't possibly sign off for it. Alternatively, Bill used my machine to build the package but does not have a box to test it on. As such, 2 people are needed to test/signoff for x86_64. So, in actuality, I intended a total of 4 signoffs, but including the original submitter. I don't really get where the idea that the original person who uploaded the package isn't responsible for it comes from? The whole point of the sign off thing is to say "we are the ones responsible for this". How about this: In the email sent out for having a package signed off, you explicitly list yourself as signed off on a given architecture that you actually tested the package on. Is there a problem with this?