Even if it already went to testing and sit there for ages? This will lead to
MANY updates being stalled in testing forever! Hardly any update is getting
+3 karma right now. Karma is completely useless in practice. People "gaming
the system" are going to be the only way updates can go out at all under
such a proposal.

Sure, we'd all love that kind of test coverage. It's just not practicable at
all. We need to be realistic.

In addition, it has been explained very clearly in the discussions on this
mailing list why the current karma system is a poor indicator of update
stability. Relying on it as the only way an update can go stable is just
insane.

You gotta be kidding! Just look at the current update landscape to see how
far from the truth this is.

(And I also wonder with what authority you speak in the name of FESCo as a
whole. The fact that what you're saying is so clearly wrong makes this all
the more an issue.)

Kevin Kofler

I don't think this is ideal.

I'm having déjà vu from a lot of these discussions & proposals -- we've
been here before. When I created bodhi, it initially disallowed pushes
directly to stable. This behavior... didn't sit well with The
Community, for a variety of reasons. As you can tell by the uproar in
every single one of these threads, if these same restriction are put in
place again we will lose a lot of important contributors.

Instead of re-implementing old controversial behavior, lets look at some
recent behavioral changes in bodhi and see if we can build on top of
those to solve these problems.

For example, I recently implemented various policy restrictions for
critical path/no frozen rawhide updates for pending releases. In order
for a critical path update to get marked as 'stable' for a pending
release, it must have at least +1 karma from releng/qa members, and at
least +1 from an authenticated user. These values, of course, are
configurable.

I think a much better solution would be to require similar critical path
policies, across *all* releases, not just pending ones, while still
allowing non-critpath packages to go directly to stable.

Requiring a static amount of karma across all updates is not going to be
sufficient, especially with the current karma system (which I think
needs improvement). Especially now with the easy-karma script, people can
+1 dozens of updates at a time, reaching +3 will be almost too easy for
certain packages, and yet not not easy enough for others. Having
configurable karma thresholds for different packages seems to be
sufficient, and it allows package maintainers to use their intuition to
tweak these thresholds accordingly to fit their workflow and tester
base. For example, the kernel maintainers disable karma automation
entirely, and one could argue that this flexibility is important.

Regarding the current karma system, I think Doug Ledford brought up some
good ideas in the earlier thread 'Bodhi karma feature request', and
I know other bodhi developers agree.

With an improved karma system, stricter critpath update handling, AutoQA
integration, and giving The User more fine-grained control over what
types of updates they actually want, I think we'll be much better off
than we currently are.

luke

Two questions:

How do you plan to convince people to actually test packages? My
understanding right now is that folks who end up testing packages do so
exclusively because they themselves ran into the bug that is being
fixed. And as soon as that itch they are scratching is fixed, they
seldomly report back about this. (At least that is what I am
experiencing. In quite a few cases I know that people happily took
packages from bodhi but never reported back)

Making the user Karma logic the *only* path into the stable distribution
hence makes the distro depend on feedback by our users. And I
wonder if we really want to depend on that.

And secondly: trhere are many bugs that are only triggered in very
particular use cases or on very particular hardware. Nonetheless they
are bugs that are worth to be fixed. For those it is going to be hard to
get updates accepted simply because the number of people who could and
want to test this is minimal. (And I know what I am talking of, having
to deal with PA compatibility with a vast number of different audio
hardware and drivers).

All in all, I think the Karma logic is a good tool to speed up things,
it is not useful as the *only* path into the stable distribution.

Unless of course we create some kind of body whose sole job is to test
and provide karma to updates that are not otherwise tested by the
users. And which hence can be blamed if packages stay stuck in bodhi.

Because right now there is a substantial number of updates I push that
stay stuck in bodhi for really long times because not enough people
bother... And if in the future those packages will stay there forever
because I cannot push them myself than I'd be royally annoyed.

Lennart

- -1, I would have to orphan most of my packages and give up my current
plans of founding a Common Lisp SIG as it will die suffering the
chicken-and-egg problem if this gets approval.
I'd rather fork Fedora than accept this without massive modification
(see my first post in this thread).

Alexander Kahl
GNU/Linux Software Developer

Dne 8.3.2010 22:59, Matthew Garrett napsal(a):

I usually decrease required karma to +-1, but I have never experienced
package pushed to stable because of karma. Does it mean that I shouldn't
bother to fix bugs in the released distros, because new release will
newer get out of updates-testing?

Please clarify.

Thank you,

Matěj

Matthew Garrett píše v Po 08. 03. 2010 v 21:59 +0000:

I think first should come the answer on "what problem is this proposal
trying to solve?". Is it the plain number of updates? Is it the quality
of updates? What updates failed?

Unfortunately this tries to use the "one size fits all" method, but this
can't work in the recent Fedora with the number of source packages
attacking the 10000 mark. And for sure there are packages with many
users (millions?) and on other side packages with few users (dozens or
even less). And as others said, sometimes it's hard to get even a
response from the reporter on his own bug ...

Yes, this can again work for the mainstream packages and not for the
rest. And as result the only way to get a newer version of a
non-mainstream package will be only to upgrade the whole distro with a
waiting time up to 6 months. The new release contains both bugfixes and
new features, because the author can't maintain multiple branches at a
time and is doing releases every few months - one of the open source
principles was release early, release often.

So what are the options if the situation is so serious that something
must be done:
- start automated testing of updates - let the machine work, it can do a
lot
- divide packages into more tiers - add one(?) level between critpatch
and the rest that would require better testing (for example containing
libraries used by another package), some statistics how much are
packages installed would be needed
- start creating personal repos with updated stuff - and I always
thought this is the wrong way that is used by other distros and their
users ...
- improve the updates delivery mechanism so the user can easily consume
the regular updates and also test and comment the non-stable ones, this
would also require educating the users that there can be a newer version
in updates-testing when they are not satisfied with the stable one
- every package must have a QA person, well at least 3 ...

And yes, there are some not very nice options too ...

Dan

Hi Matthew,

Thank you to you, Josh, and others for putting effort into these
discussions. And thanks for bringing this up in the meeting tomorrow.
Some comments inline below that might be useful, or not.

Before I get into what you wrote, can I also suggest asking Fedora users
what they want? We already have an announce list, and we have things
like firstboot, and the fedoraproject start page. It would be *trivial*
to post a survey up on the website that most users are going to see, for
the next few months, and collate actual responses from end Fedora users.
If they want rolling updates, so be it and some of us are "wrong". But
for goodness sake, let's actually ask the users about it.

Indeed. I believe this is the number one problem right now. The problem
is that a single package update can introduce compound issues with other
packages that were unforeseen and untested, especially the latter. This
is an issue even for the "slow moving" Enterprise distros, and they have
entire teams of people paid to do very thorough testing before pushing
each individual update. Fedora can't quite do that, but I believe that
is therefore even more of a reason to slow down the update pace. After
all, there's a new release in 6 months, not years later (as would be the
case with an enterprise distro). I'd rather wait 6 months for some
feature than have to take time out of the day to fix a stable box.

I believe that this is possibly too limited. Aside from the obvious
abuse potential (which will always exist no matter what happens) -
obviously someone could just hate the process and decide to have a
couple of others sign off on everything no matter what - I think it
should be necessary to have a cooling off period between pushing an
update, it being voted on, and it going out live. It doesn't have to be
weeks, but it should be long enough for the person who actually reported
some bug to test that it is fixed and for others who aren't able to
devote time every day to see the update. I suggest 3-5 days.

I also suggest /considering/ implementing rolling updates rather than
pushing everything to stable. By rolling updates, in this case I mean
implementing a technical means (and this is tricky with mirrors) by
which not every user will receive the update at once. Perhaps PackageKit
already does something with random deltas for non-security updates. I
usually do updates myself manually (I upgrade stable Fedora systems only
when I am certain to have time to reboot, and then I will bite the
bullet and apply many updates at once) so I haven't noticed that.

It might be worth /considering/ something like "volatile" on other
distros. I know that's mostly for anti-spam type stuff. But perhaps some
parallel stream similar to updates-testing where users can elect to have
new features if they want them, or retain the stable release (in which
case all they get is security fixes). Basically, fedora-updates becomes
literally a separate stream disjoint from the regular fedora stream.

Jon.

Hmm. So. I have a package, perl-Moose, that has 4,667 tests run at
build time. It depends on perl-Class-MOP, which has 2,225 tests, and
it in turn depends on perl, which has 234,776 tests run at build. On
a future note, we're working on setting up smoke testing, so when we,
say, rebuild perl-Class-MOP we also run perl-Moose's tests.

If I rebuild perl-Moose, or really, any of these packages, what sort
of manual testing would you suggest we require before pushing the
update?

-Chris