[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A proposal for better quality in maintenance of packages by reducing
Re: A proposal for better quality in maintenance of packages by reducing scope
Tue, 23 Mar 2021 20:57:38 +0000
mu4e 1.4.15; emacs 27.1
Léo Le Bouter <email@example.com> writes:
> There's lots of packages in GNU Guix and maintaining all of them is
> tedious, even if we have tooling, there's only so much we can do.
> I want to have a secure and reliable system, I would also like to only
> depend on packages I know are easy to maintain for GNU Guix
> I would like to propose that we reduce the scope of the maintenance we
> do in GNU Guix and establish a list of packages that we more or less
> commit to maintaining because this is something that we can do and is
> attainable, for example, we could remove desktop environments that we
> can't maintain to good standards realistically and focus our efforts on
> upstreams that don't go against our way of doing things, that are
> cooperative, that provide good build systems we can rely on for our
> purposes, etc.
> I propose we also add some requirements before packages can go into
> such a maintained state, like a working and reliable updater/refresher
> with notifications directed to some mailing list when that one finds a
> new release, a reduced amount of downstream patches and a cooperative
> upstream with who we preferably have some point of contact to solve
> issues or gather more insider knowledge about the software if we need,
> a working and reliable CVE linter with proper cpe-name/vendor and
> notifications going to a mailing list we all subscribe to, etc..
> probably lots of other things are relevant but you see the idea.
> It should also be possible to filter out packages that are not declared
> to be in this maintained state, for example, in the GNU Guix System
> Some kind of quality rating for packages that users can trust.
> What do you think?
This might be beneficial once there are obvious different groups of
packages, probably falling in to a hierarchy (even just a two level
one). But I don't think that point has been reached yet, so this sounds
like more work for not much benefit.
Description: PGP signature