[arch-dev-public] Package signoffs page

Dan McGee dpmcgee at gmail.com
Fri Nov 4 13:37:45 EDT 2011

On Fri, Nov 4, 2011 at 12:28 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
> On Fri, Nov 4, 2011 at 12:14 PM, Dan McGee <dpmcgee at gmail.com> wrote:
>> On Thu, Nov 3, 2011 at 10:16 AM, Dan McGee <dpmcgee at gmail.com> wrote:
>>> Devs,
>>> This seems like a good time to get the ball fully rolling on the
>>> package signoffs page: https://www.archlinux.org/packages/signoffs/
>> Devs (and TUs, someone link this to them please),
>> We should be up and running now with a page that is 100% usable for
>> our current purposes. PLEASE give it a shot, without diving in this
>> will not gain steam and be used like it wasn't for 3 years.
>> Needs addressed:
>> * a package signoff can be marked as either 'known bad' or 'not
>> enabled'. These are distinct boolean options, setting either of them
>> will not allow signoffs.
> Unless I'm doing things wrong, this is only available for the packages
> I built. This defeats the purpose of the  'known bad' flag. Anyone
> should be able to flag any package as bad.
This seems fishy. Anyone can mark a package as bad? I'm not sure I
agree here. Perhaps the equivalent of a "negative signoff" would make
more sense, but a truely bad package should be removed from the repos
ASAP, not marked here.

>> * signoffs can be revoked.
>> * daily summary email on a per-testing-repo basis (preview coming soon)
> The report should only be sent when there are package in the testing
> repo. I just received a useless notification for the empty
> multilib-testing repo (maybe you already implemented that and were
> only testing the system).
Already fixed.

> I'm not sure about the usefulness of the reports for the
> community-testing and multilib-testing repo as signoffs are not
> required for these repo so people might not be bothered to sign them
> off.
Required? No. Helpful? Incredibly, it means someone else has run your
package and you feel a lot better about it.

>  The section about packages older than 14 days is useful so
> perhaps reports for these repos should be weekly instead of daily.  If
> people start signing them off (at least most of them), then I won't
> mind the daily report.
We're going from like *50* emails in one day to 3 a day, which contain
much more information. I'm not too concerned here.

>> * packager/maintainer notes for a given package in a testing repo that
>> are displayed with the signoff (see pacman on the page right now)
>> * full filtering options on page (if you're not using JavaScript,
>> you're silly, it is 2011, not 1994), and page never needs refreshing
>> when doing multiple signoffs
>> Two more questions/comments:
>> 1. Dev/TU distinction- should anyone in either group be allowed to
>> sign off on any package?
>>  - pros: simpler, we trust each other anyway, you can see exactly who
>> signs off on what anyway so you aren't just relying on a magic 'Yes'
>> to show up.
> another pros: some packages are nor used by many devs (e.g. lvm2,
> firmare) so if TUs use them, it would be good if they could signoff.
>>  - cons: not sure? "security"? or the fact that in the past we
>> generally haven't crossed this boundary.
>> 2. User signoffs- not even worried about this yet. Let the old
>> solution work for now, which is sending an email to arch-general.
>> -Dan

More information about the arch-dev-public mailing list