Re: A proposal for better quality in maintenance of packages by reducing

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A proposal for better quality in maintenance of packages by reducing

From:	Christopher Baines
Subject:	Re: A proposal for better quality in maintenance of packages by reducing scope
Date:	Tue, 23 Mar 2021 20:57:38 +0000
User-agent:	mu4e 1.4.15; emacs 27.1

Léo Le Bouter <lle-bout@zaclys.net> writes:

> There's lots of packages in GNU Guix and maintaining all of them is
> tedious, even if we have tooling, there's only so much we can do.
>
> I want to have a secure and reliable system, I would also like to only
> depend on packages I know are easy to maintain for GNU Guix
> contributors.
>
> I would like to propose that we reduce the scope of the maintenance we
> do in GNU Guix and establish a list of packages that we more or less
> commit to maintaining because this is something that we can do and is
> attainable, for example, we could remove desktop environments that we
> can't maintain to good standards realistically and focus our efforts on
> upstreams that don't go against our way of doing things, that are
> cooperative, that provide good build systems we can rely on for our
> purposes, etc.
>
> I propose we also add some requirements before packages can go into
> such a maintained state, like a working and reliable updater/refresher
> with notifications directed to some mailing list when that one finds a
> new release, a reduced amount of downstream patches and a cooperative
> upstream with who we preferably have some point of contact to solve
> issues or gather more insider knowledge about the software if we need,
> a working and reliable CVE linter with proper cpe-name/vendor and
> notifications going to a mailing list we all subscribe to, etc..
> probably lots of other things are relevant but you see the idea.
>
> It should also be possible to filter out packages that are not declared
> to be in this maintained state, for example, in the GNU Guix System
> configuration.
>
> Some kind of quality rating for packages that users can trust.
>
> What do you think?

This might be beneficial once there are obvious different groups of
packages, probably falling in to a hierarchy (even just a two level
one). But I don't think that point has been reached yet, so this sounds
like more work for not much benefit.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

A proposal for better quality in maintenance of packages by reducing scope, Léo Le Bouter, 2021/03/23
- Re: A proposal for better quality in maintenance of packages by reducing scope, david larsson, 2021/03/23
- Re: A proposal for better quality in maintenance of packages by reducing scope, Christopher Baines <=
- Re: A proposal for better quality in maintenance of packages by reducing scope, Ludovic Courtès, 2021/03/30

Prev by Date: help with go package
Next by Date: guix environment guix -pure can't locate lesspipe
Previous by thread: Re: A proposal for better quality in maintenance of packages by reducing scope
Next by thread: Re: A proposal for better quality in maintenance of packages by reducing scope
Index(es):
- Date
- Thread