In order for a new Module to be added to Fedora, the module must first undertake a formal review much like the RPM Package Review process. The purpose of this formal review is to try to ensure that the module meets the quality control requirements for Fedora.
Reviews are currently done for totally new modules and every time a new module stream is created (technically, proposed to be created).
Modules are not required to share a 1:1 relationship with RPM Packages but can instead deliver multiple RPM Packages (such as dependencies) in order to distribute a fully functional module. However naming of the module should be based on the main service or software it aims to deliver.
There are two roles in the review process, that of the contributor and that of the reviewer. In this document, we'll present both perspectives.
A Contributor is defined as someone who wants to submit (and maintain) a new Module in Fedora. To become a contributor, you must follow the detailed instructions to Join the package collection maintainers.
As a Contributor, you should only be creating modules out of pre-existing software in the Fedora RPM repositories which adheres to the Package Naming Guidelines and Packaging Guidelines. Make note that the only software allowed in official Fedora Modules must be distributed via RPMs as part of the Fedora distribution. The Module Build Service will reject attempts to build from sources not provided by Fedora's dist-git.
Module Metadata Files
- Put your Module Metadata (modulemd) file somewhere on the Internet where it can be directly downloaded (just HTTP(s), no registration pages or special download methods, please). If you have no access at all and would like space, please visit The sponsors ticket system, log in, and file a ticket with component "Initial package hosting request". You will be given access to Fedorapeople.
- Ensure your modulemd file meets the specifications outlined in the Module Guidelines
- Fill out a request for review in bugzilla (FIX ME). For guidance, a screenshot of a sample bugzilla request is available for review FIX ME.
- If you do not have any package, container layered image, or module already in Fedora, this means you need a sponsor and to add FE-NEEDSPONSOR (Bugzilla id:177841) to the bugs being blocked by your review request. For more information read the How to get sponsored into the packager group wiki page.
- Wait for someone to review your modulemd file! At this point in the process, the fedora-review flag is blank, meaning that no reviewer is assigned.
- There may be comments from people that are not formally reviewing the module, they may add NotReady to the Whiteboard field, indication that the review request is not yet ready, because of some issues they report. After you have addressed them, please post the URLs to the updated modulemd file and associated files and remove it from the Whiteboard. It is expected that you will respond to commentary, including updating your submission to address it; if you do not, your ticket will be closed.
- A reviewer takes on the task of reviewing your package. They will set the fedora-review flag to ?
- The reviewer will review your modulemd. You should fix any blockers that the reviewer identifies. Once the reviewer is happy with the package, the fedora-review flag will be set to +, indicating that the package has passed review.
- At this point, you need to make an SCM admin request for your newly approved Module! If you have not yet been sponsored, you will not be able to progress past this point. (You will need to make sure to request the
modulenamespace in PackageDB)
- Checkout the package using "fedpkg clone module/<module-name>" and do a final check of your files.
- When this is complete, you can add relevant module files into the SCM.
- Request a build by running "mbs-build submit" from the directory you cloned into.
- You should make sure the review ticket is closed. You are welcome to close it once the module has been built. If you close the ticket yourself, use NEXTRELEASE as the resolution.
You do not need to go through the review process again for subsequent module changes for this module stream.
The Reviewer is the person who chooses to review a package.
The Reviewer can be any Fedora account holder who is a member of the packager group. (If the Contributor is not yet sponsored, the review can still proceed to completion but they will need to find a sponsor at some point.)
Module Metadata File
- Search for a review request that needs a reviewer: http://fedoraproject.org/PackageReviewStatus/ (fedora-review flag is blank or the bug is assigned to email@example.com)
- If you notice some issues that need to be solved before you want to start a formal review, add these issues in a comment and set the Whiteboard of the bug to contain NotReady. This helps other possible reviewers to notice that the review request is not yet ready for further review action.
- if you want to formally review the Module Metadata (modulemd) file, set the fedora-review flag to ? and assign the bug to yourself.
- Review the module ...
- Include the text of your review in a comment in the ticket. For easy readability, simply use a regular comment instead of an attachment.
- Take one of the following actions:
- ACCEPT - If the module is good, set the fedora-review flag to +
- FAIL, LEGAL - If the module is legally risky for whatever reason (known patent or copyright infringement, trademark concerns) close the bug WONTFIX and leave an appropriate comment (i.e. we don't ship mp3, so stop submitting it). Set the fedora-review flag to -, and have the review ticket block FE-Legal.
- FAIL, OTHER - If the module is just way off or unsuitable for some other reason, and there is no simple fix, then close the bug WONTFIX and leave an appropriate comment (i.e. we don't packaging and gift wrap are not the same thing, sorry. Or, this isn't a modulemd, it's a McDonald's menu, sorry.) Set the fedora-review flag to -.
- NEEDSWORK - Anything that isn't explicitly failed should be left open while the submitter and reviewer work together to fix any potential issues. Mark the bug as NEEDINFO while waiting for the reviewer to respond to improvement requests; this makes it easier for reviewers to find open reviews which require their input.
- Once a package is flagged as fedora-review + (or -), the Reviewer's job is done although they may be called upon to assist the Contributor with the import/build/update process and to ensure that the Contributor closes the ticket out when the process is complete.
Definitions for fedora-review Flag Settings
|fedora-review||(BLANK)||Module Needs Review|
|fedora-review||?||Module Under Review|
|fedora-review||-||Module Failed Review, dropped for legal or other issues.|
Special blocker tickets
There are a few tickets which can be placed in the "Blocks" field to indicate specific ticket statuses:
|FE-NEEDSPONSOR||The submitter requires a sponsor; the review should only be done by a sponsor.|
|FE-DEADREVIEW||The review has been closed out because the submitter has left; users looking for a Module to submit may find some possibilities in these dead tickets.|
|FE-Legal||The Module is currently awaiting review by the legal team.|
To save time for reviewers, the page at http://fedoraproject.org/PackageReviewStatus/NEW.html will hide certain tickets which are not reviewable. The Whiteboard field can be used to mark a ticket with various additional bits of status which will cause it to be hidden or displayed differently. (Note: The Package nomenclature is carried over here and you will want to filter for "Module Review")
|NotReady||The Module is not yet ready for review. It is possible to open a review ticket, mark it as NotReady, and continue to work on it until it's ready to be seen by a reviewer.|
|BuildFails||The Module fails to build.|
|AwaitingSubmitter||The Module review is stalled and cannot proceed without input from the submitter.|
|Trivial||The Module is trivial to review. See below.|
The "Trivial" status is intended to indicate Modules which, as an aid to new reviewers, are especially uncomplicated and easy to review. A ticket should not be marked as being trivial unless:
- The Module is known to build and a link to a scratch build is included.
- The ticket explains any rpmlint output which is present.
- The Module contains no daemons.
- The Module is not especially security sensitive.
- The code has undergone a thorough inspection for licensing issues. Anomalies which would be found by licensecheck should be explained.
In short, this should be reserved only for those tickets which should be easily approachable by someone doing their first Module review.
Tracking of Module Requests
The cached Package Review Tracker provides various review-related reports and a simple way to search for reviews by package name or reporter name or others. (Note: The Package nomenclature is carried over here and you will want to filter for "Module Review")