[arch-dev-public] Signoffs

Sun Dec 2 19:34:03 EST 2007

On Dec 2, 2007 3:53 PM, Eric Belanger <belanger at astro.umontreal.ca> wrote:
> On Sun, 2 Dec 2007, Travis Willard wrote:
> > On Dec 2, 2007 4:30 PM, Eric Belanger <belanger at astro.umontreal.ca> wrote:
> >>
> >> On Sun, 2 Dec 2007, Travis Willard wrote:
> >>> That's not the way signoffs work.  You CAN'T just 'assume' they are fine.
> >>> You have to wait.  Sorry, but it breaks the whole system otherwise.
> >>
> >> Actually, these packages were already signed off by two devs: Dan for i686
> >> and me for x86_64. From an IRC discussion with Aaron, the devs who put the
> >> packages in testing counts as one of the two signoff. That might seem
> >> strange but it's the way it works unless the signoffs gets a better
> >> definition.
> >
> > That doesn't seem sound to me.  Recall the problem when the kernel
> > package that was uploaded had something screwy in it due to a bad
> > transfer.  Under this situation, tpowa would have 'signed off' his own
> > upload, whoever built it for x86_64 would have signed it off for their
> > own upload, and then the buggy package i686 would have been pushed to
> > core.
> >
> > If that's how we want our signoffs, then that's fine - I'm just
> > pointing out a possible flaw.
> >
>
>
> I agree that the packager shouldn't count as a signoff. That how I
> undertood it before the little discussion in IRC.
>
> IMO, the way signoff should be done to prevent any potential screw up is
> that 2 devs other than the packagers should signoff and that each
> architecture should at least be signed off
> once.

So as to not clutter up Dan's thread, can we move this talk here?

To clarify. My intention was "at least 2 devs are responsible for the
package" - the statement DOES include the original packager, however,
let me point out that each cvs commit has 2 packages.

I guess I assumed the statement was clear when it really wasn't. So
let me clarify:

Bill uploads package a-i686.
Bill, in the act of uploading it, says "well this works for me". It's
an implicit signoff and the way we have always worked - the act of
uploading a package is an implicit agreement that it is in working
order. No one tests a package, says "wow this is broken" and uploads
it.
Now, when John signs off for i686, that's two people who have said
"hey this is working". However, a-x86_64 has not been signed off for.
In fact, bill never uploaded that package so couldn't possibly sign
off for it. Alternatively, Bill used my machine to build the package
but does not have a box to test it on. As such, 2 people are needed to
test/signoff for x86_64.

So, in actuality, I intended a total of 4 signoffs, but including the
original submitter.

I don't really get where the idea that the original person who
uploaded the package isn't responsible for it comes from? The whole
point of the sign off thing is to say "we are the ones responsible for
this".

How about this: In the email sent out for having a package signed off,
you explicitly list yourself as signed off on a given architecture
that you actually tested the package on. Is there a problem with this?