[arch-dev-public] Package signoffs page

Eric Bélanger snowmaniscool at gmail.com
Fri Nov 4 13:28:41 EDT 2011

On Fri, Nov 4, 2011 at 12:14 PM, Dan McGee <dpmcgee at gmail.com> wrote:
> On Thu, Nov 3, 2011 at 10:16 AM, Dan McGee <dpmcgee at gmail.com> wrote:
>> Devs,
>> This seems like a good time to get the ball fully rolling on the
>> package signoffs page: https://www.archlinux.org/packages/signoffs/
> Devs (and TUs, someone link this to them please),
> We should be up and running now with a page that is 100% usable for
> our current purposes. PLEASE give it a shot, without diving in this
> will not gain steam and be used like it wasn't for 3 years.
> Needs addressed:
> * a package signoff can be marked as either 'known bad' or 'not
> enabled'. These are distinct boolean options, setting either of them
> will not allow signoffs.

Unless I'm doing things wrong, this is only available for the packages
I built. This defeats the purpose of the  'known bad' flag. Anyone
should be able to flag any package as bad.

> * signoffs can be revoked.
> * daily summary email on a per-testing-repo basis (preview coming soon)

The report should only be sent when there are package in the testing
repo. I just received a useless notification for the empty
multilib-testing repo (maybe you already implemented that and were
only testing the system).

I'm not sure about the usefulness of the reports for the
community-testing and multilib-testing repo as signoffs are not
required for these repo so people might not be bothered to sign them
off.  The section about packages older than 14 days is useful so
perhaps reports for these repos should be weekly instead of daily.  If
people start signing them off (at least most of them), then I won't
mind the daily report.

> * packager/maintainer notes for a given package in a testing repo that
> are displayed with the signoff (see pacman on the page right now)
> * full filtering options on page (if you're not using JavaScript,
> you're silly, it is 2011, not 1994), and page never needs refreshing
> when doing multiple signoffs
> Two more questions/comments:
> 1. Dev/TU distinction- should anyone in either group be allowed to
> sign off on any package?
>  - pros: simpler, we trust each other anyway, you can see exactly who
> signs off on what anyway so you aren't just relying on a magic 'Yes'
> to show up.

another pros: some packages are nor used by many devs (e.g. lvm2,
firmare) so if TUs use them, it would be good if they could signoff.

>  - cons: not sure? "security"? or the fact that in the past we
> generally haven't crossed this boundary.
> 2. User signoffs- not even worried about this yet. Let the old
> solution work for now, which is sending an email to arch-general.
> -Dan

More information about the arch-dev-public mailing list