From Fedora Project Wiki

作者: Tom 'spot' Callaway 及其他
版本号 0.06
初始版本: 2007-03-12
最后修订: 2010-11-13

审核目的

给 Fedora 项目添加一个新的软件包之前该软件包必须接受来自官方的审核。审核的目的在于确保这个软件包符合 Fedora 项目的基本质量要求。审核通过并不意味着这个软件包非常好,但是能保证它本身符合我们对它的最低质量要求。

Reviews are currently done for totally new packages, package renames, old packages that were once depreciated returning to the collection, and packages merged from the old Fedora Core repository.

Review Process

There are two roles in the review process, that of the contributor and that of the reviewer. In this document, we'll present both perspectives.

Contributor

A Contributor is defined as someone who wants to submit (and maintain) a new package in Fedora. To become a contributor, you must follow the detailed instructions to Join the package collection maintainers.

As a Contributor, you should have already made a package which adheres to the Package Naming Guidelines and Packaging Guidelines. There are also some packages that cannot be included in Fedora, to check if your package applies, check if it contains any Forbidden items.

When you're happy with your spec file, you should then submit that SRPM to a package review. Currently, this is done by following these steps:

  1. Put your spec file and SRPM somewhere on the Internet.
  2. Fill out a request for review in bugzilla. For guidance, a screenshot of a sample bugzilla request is available for review.
  3. If you do not have any package already in Fedora, this means you need a sponsor and to add FE-NEEDSPONSOR to the bugs being blocked by your review request. For more information read the How to get sponsored into the packager group wiki page.
  4. Wait for someone to review your package! At this point in the process, the fedora-review flag is blank, meaning that no reviewer is assigned.
    Idea.png
    Review Swaps
    If nobody comments on your review request, you might want to mail to a mailing list (for example, devel) asking for a "review swap". This is an offer to do a review of someone else's package in exchange for them reviewing your package. This is usually one-for-one, or can be some other private arrangement depending on the difficulty of the respective packages.
  5. There may be comments from people that are not formally reviewing the package, they may add NotReady to the Whiteboard field, indication that the review request is not yet ready, because of some issues they report. After you have addressed them, please post the URLs to the updated SPEC and SRPM file and remove it from the Whiteboard. It is expected that you will respond to commentary, including updating your submission to address it; if you do not, your ticket will be closed.
  6. A reviewer takes on the task of reviewing your package. They will set the fedora-review flag to ?
  7. The reviewer will review your package. You should fix any blockers that the reviewer identifies. Once the reviewer is happy with the package, the fedora-review flag will be set to +, indicating that the package has passed review.
  8. At this point, you need to make an SCM admin request for your newly approved package.
  9. When this is complete, you can import your package into the SCM.
  10. Checkout the package using "fedpkg clone <package-name>" do a final check of spec file tags, etc.
  11. Request a build by running "fedpkg build".
  12. Repeat the process for other branches you may have requested.
  13. Request updates for Fedora release branches, if necessary, using "fedpkg update" or another Bodhi interface as detailed in Bodhi.
  14. You should make sure the review ticket is closed. You are welcome to close it once the package has been built on the requested branches, or if you built for one of the Fedora release branches you can ask Bodhi to close the ticket for you when it completes the process. If you close the ticket yourself, use NEXTRELEASE as the resolution.

You do not need to go through the review process again for subsequent package changes.

审核者

审核者就是审核软件包的人。

Note.png
除了审核者的评论
软件包审核请求允许他人留下评论或其它内容。特别是有已经熟知 打包规定 的人正在寻求审核帮助的时候会留下请求的评论。

审核者应该是 packager 组 的组员。唯一例外是如果这个审核请求是某人的第一个软件包的话,保证人 身份。了解某位贡献人员是否是被保证身份,请自行查阅 packager 组

  1. 搜索一个需要审核者的审核请求:http://fedoraproject.org/PackageReviewStatus/ (fedora-review 标识 为空的 bug 被分配给(assigned)nobody@fedoraproject.org)
  2. 如果您在开始正式审核之前发现有问题需要解决,请在请求留下评论并且白板为 NotReady 状态。这会帮助其他可用的审核者注意到该审核正处于未准备好状态。
  3. 如果开始正式审核,请设置 fedora-review 标识为 ? 并分配该请求为您本人。
    Note.png
    退出审核
    如果您因为某些原因需要退出审核,请重置 fedora-review 标识为空 并且 重新分配为默认的组件属主,即 nobody@fedoraproject.org
  4. 审核过程 ...
  5. Include the text of your review in a comment in the ticket. For easy readability, simply use a regular comment instead of an attachment.
  6. Take one of the following actions:
    • ACCEPT - If the package is good, set the fedora-review flag to +
      Questionmark.png
      Time to sponsor?
      If the Reviewer is also acting as Sponsor for the Contributor, then this is the time to sponsor the Contributor in the account system
    • FAIL, LEGAL - If the package is legally risky for whatever reason (known patent or copyright infringement, trademark concerns) close the bug WONTFIX and leave an appropriate comment (i.e. we don't ship mp3, so stop submitting it). Set the fedora-review flag to -, and have the review ticket block FE-Legal.
    • FAIL, OTHER - If the package is just way off or unsuitable for some other reason, and there is no simple fix, then close the bug WONTFIX and leave an appropriate comment (i.e. we don't package pornography for redistribution, sorry. Or, this isn't a specfile, it's a McDonald's menu, sorry.) Set the fedora-review flag to -.
    • NEEDSWORK - Anything that isn't explicitly failed should be left open while the submitter and reviewer work together to fix any potential issues. Mark the bug as NEEDINFO while waiting for the reviewer to respond to improvement requests; this makes it easier for reviewers to find open reviews which require their input.
  7. Once a package is flagged as fedora-review + (or -), the Reviewer's job is done although they may be called upon to assist the Contributor with the import/build/update process and to sure that the Contributor closes the ticket out when the process is complete.

fedora-review 标识定义

fedora-review (BLANK) 需要审核
fedora-review ? 正在审核
fedora-review - 由于法律或其它信息,审核失败
fedora-review + 审核通过

Special blocker tickets

There are a few tickets which can be placed in the "Blocks" field to indicate specific ticket statuses:

FE-NEEDSPONSOR The submitter requires a sponsor; the review should only be done by a sponsor.
FE-DEADREVIEW The review has been closed out because the submitter has left; users looking for packages to submit may find some possibilities in these dead tickets.
FE-Legal The package is currently awaiting review by the legal team.

The Whiteboard

To save time for reviewers, the page at http://fedoraproject.org/PackageReviewStatus/NEW.html will hide certain tickets which are not reviewable. The Whiteboard field can be used to mark a ticket with various additional bits of status which will cause it to be hidden or displayed differently.

NotReady The package is not yet ready for review. It is possible to open a review ticket, mark it as NotReady, and continue to work on it until it's ready to be seen by a reviewer.
BuildFails The package fails to build.
AwaitingSubmitter The package review is stalled and cannot proceed without input from the submitter.
Trivial The package is trivial to review. See below.

The "Trivial" status is intended to indicate packages which, as an aid to new reviewers, are especially uncomplicated and easy to review. A ticket should not be marked as being trivial unless:

  • The package is known to build and a link to a scratch build is included.
  • The ticket explains any rpmlint output which is present.
  • The spec contains nothing which is unnecessary in modern Fedora (such as BuildRoot:, a %clean section or %defattr).
  • The spec is free from excessive or complicated macro usage.
  • The spec uses only the least complicated scriptlets which are taken directly from the Packaging:ScriptletSnippets page.
  • The package contains no daemons.
  • The package is not especially security sensitive.
  • The code has undergone a thorough inspection for licensing issues. Anomalies which would be found by licensecheck should be explained.

In short, this should be reserved only for those tickets which should be easily approachable by someone doing their first package review.

跟踪进度

软件包审核进度查询工具 提供多个与审核相关的报告和简单的审核搜索功能,比如软件包名,维护人,提交人等等。