So, to clarify - I'm OK with proven packagers to make changes to package I (actively) maintain in case I'm unavailable for some longer period of time (weekend, vacation, etc.), and the changes needed to be done fall into one of these categories: * my package received some high/critical CVE that needs to be patched ASAP * my package is causing Fedora not to boot properly/at all * my package is causing some serious problems to Fedora infrastructure (e.g. causing builds to fail, causing Pagure not to work, etc.) * my package is causing some other significant problem
When there's no such pressing issue, I would expect the packager to follow the Fedora policy about proven packagers I mentioned before. To be specific: * contact me via IRC first if it is something trivial not worth creating BZ and I'm available at IRC * write me an e-mail if it is something trivial not worth creating BZ and I'm not available at IRC * create a new BZ if it something non-trivial, causing problems to any users of Fedora What happened in the case that lead me to write my initial e-mail was this: 1) Proven packager received a BZ report for his own package. 2) Proven packager discovered the issue was actually caused by package I maintain/own. 3) Instead of switching that BZ to correct component, the proven packager decided to use his power to fix it himself. 4) He found a fix for it, created a new patch and added it into the package I maintain/own. NOTES: * The issue itself was not critical at all for Fedora to boot/function, it was not a CVE and it was not affecting the Fedora infrastructure, nor was critical at all IMHO. * I was available on the IRC during my working hours, but was not contacted by the proven packager, either via IRC or e-mail. * The specfile change was not referencing the BZ it was suppose to fix. It was containing only a link to upstream commit, where the commit message was completely irrelevant to the actual BZ. * The dist-git commit didn't contain the BZ number or some actually useful info either. The reason I'm not mentioning the person's name here is that I'm still waiting for his reply (or some kind of justification for this approach), but I really don't think that this actions would (nor should) fall to "being done according to policy". :) For me, it's more "I don't give a damn about others"-like approach, which IMHO nobody likes. :) Because it will be me (or some other maintainer) who will be (and will have to) deal(ing) with the package in the future, not the proven packager. Generally this "reckless" approach can cause be a pain for other people when they will be trying to find out answers to their questions (like "why was this patch included in the first place?", "can I safely remove it now?", "how long should it stay in the package?", "could this be the patch causing some regression I'm facing now?", etc. etc.) And that's one of the reason why I wrote my initial e-mail to this mailing list - for other proven packagers to be aware of this and for them to try not to make others people life harder... :) In the end, we have that saying in Fedora as well IIRC (when using 'sudo' for the first time): "With great power comes great responsibility" :)
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
