[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A proposal for better quality in maintenance of packages by reducing

From: Christopher Baines
Subject: Re: A proposal for better quality in maintenance of packages by reducing scope
Date: Tue, 23 Mar 2021 20:57:38 +0000
User-agent: mu4e 1.4.15; emacs 27.1

Léo Le Bouter <> writes:

> There's lots of packages in GNU Guix and maintaining all of them is
> tedious, even if we have tooling, there's only so much we can do.
> I want to have a secure and reliable system, I would also like to only
> depend on packages I know are easy to maintain for GNU Guix
> contributors.
> I would like to propose that we reduce the scope of the maintenance we
> do in GNU Guix and establish a list of packages that we more or less
> commit to maintaining because this is something that we can do and is
> attainable, for example, we could remove desktop environments that we
> can't maintain to good standards realistically and focus our efforts on
> upstreams that don't go against our way of doing things, that are
> cooperative, that provide good build systems we can rely on for our
> purposes, etc.
> I propose we also add some requirements before packages can go into
> such a maintained state, like a working and reliable updater/refresher
> with notifications directed to some mailing list when that one finds a
> new release, a reduced amount of downstream patches and a cooperative
> upstream with who we preferably have some point of contact to solve
> issues or gather more insider knowledge about the software if we need,
> a working and reliable CVE linter with proper cpe-name/vendor and
> notifications going to a mailing list we all subscribe to, etc..
> probably lots of other things are relevant but you see the idea.
> It should also be possible to filter out packages that are not declared
> to be in this maintained state, for example, in the GNU Guix System
> configuration.
> Some kind of quality rating for packages that users can trust.
> What do you think?

This might be beneficial once there are obvious different groups of
packages, probably falling in to a hierarchy (even just a two level
one). But I don't think that point has been reached yet, so this sounds
like more work for not much benefit.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]