Am 12.01.2025 um 11:51 schrieb Tony Whyman:
You said "There should be at least one sample project. Otherwise I
have no way to test whether the code is working (I am not willing to
write test projects for foreign code)."
This implies that you are going to compile, test and look at the
results for every package submitted to OPM and potentially for each
update (i.e. lots of work for you). In the case of IBX you do at least
have 17 example projects to choose from plus a comprehensive
regression test suite with 29 individual tests for the main package
and a further 22 for the underlying Firebird Pascal Interface package
(fbintf) - but you need to set up your own Firebird server to perform
the tests/examples.
There is no general rule. I certainly will not run all sample projects,
and in fact, before I uploaded your new version to OPM today, I ran only
two. I knew that you were the author, the overall impression of the code
was good. This makes me "trust" you. If the author would have been
unknown, or assuming that there were massive preparations to test
(installing third-party servers/clients etc), I would have asked the
author to first present the package(s) in the forum to hear about the
experience of others. And this, in fact, is the way it usually goes:
People have an idea for a component/package and "exhibit" it in the
forum first. When it gets good feedback they ask for adding to OPM.
The regression tests make for a very stable and reliable package, but
it seems to be asking a lot for you to check the results and validate
the package as "good to go".
Most of the OPM packages do not contain unit tests at all, I probably
would not see them at all. And even if I'd run the tests: what if there
were fails? Would this be enough to reject the update? Not knowing the
details of that software, I would still accept the submission and let
the users decide.
Have you thought about requiring that submitted packages are signed by
the author/submitter? The author can then take responsibility for at
least the provenance of the code, correct licensing and that it
compiles - I would not go as far as "fitness for purpose" as open
source software can only work if the user accepts that part of the deal.
No beaurocarcy please. Requiring authors to sign their contributions
would kill OPM.
Do you also send out automated regular EMails (e.g. every 6 months
after a package was first submitted asking authors to re-affirm that
the package is up-to-date - and removing any where the author has gone
AWOL)? If not, then that would be one way of avoiding stale packages
on the archive.
Again: too much beaurocracy, now for me - I don't even have e-mail
addresses of authors at hand. And what if the author/maintainer does not
respond?
To be honest, once a package has made it into OPM it has a "safe life"
there. There is no chance to re-test all existing packages at all. But
sometimes, usually after changes in FPC or in the LCL, users report in
the forum that packages do not work any more. In this case, the user (or
I) contacts the author or files a bug report in the author's repository,
and the issue gets fixed. In other cases, the author is not active any
more: when there is an easy fix I patch the component byself and replace
the non-functional package. When this is not possible, the package is
removed.
--
_______________________________________________
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
