viernes, 24 de abril de 2009

Debian's NEW queue: a proposal

In a previous post, I ranted about Debian's NEW queue. In that post I said I din't had an idea on how to fix it. Now I do. Please consider this something like a "non-official Debian draft RFC".

The queue's restrictions:

  • Debian can not guarantee that packages uploaded to the queue are fitted for the project, so they must not be publicy available.
  • It must be a ftp-master the one who does the final check and decide wether to let the package in the repos or not.
The proposal basics:

  • Let the packages be peer-pre-reviewed.
  • Allow access to the packages only to specific people.
  • The queue must be per-day-FIFO (more on this later), with the exception of packages that fixes RC bugs.
Posible implementation:

Allow both DDs and contributors to help (and thus, permission for accesing the packages in the queue). DDs are easy, contributors must fill some requirements:
  • Have a PGP key signed at least by two DDs. The same requirement for becoming a DD.
  • Ask permision ¿on some public list? to do the job. The contributor key must be added to a list of allowed keys.
Now for each package, a reviewer (now considering both DDs or contributors) must review the package (of course) and send a PGP signed mail with the acceptance of the package or notes on why it does fail, much in the way we already do with the BTS's control e-mail address. In case of comments, the uploader will receive a copy and may decide to upload a new version of the package, going to the bottom of the queue.

Why the need of the PGP signature? In this way we restrict the access to the packages in the queue to people that has been allowed to do that, and the sign in the e-mail will check that this person can review packages.

When a contributor accepts a package, it gives (for example) a point for that package. When a DD accepts the package, it gives (again as an example) two points to the package.

Now to the ftp-master game: when the ftp-master reviews the queue, it must take only packages from the latest day in the queue, not being able to review other package of a nearer day until the packages of the latest days are all reviewed (thus the per-day FIFO queue). Packages fixing RC bugs are an exception to this rule (thus we may consider two queues with priorities).
The puntuation given in the points below will help the ftp-master in reviewing the package: packages with more points were more peer-reviewed, packages with less points will need less attention. Comments will help to pin-point problems in a fastest way.

Of course, one may argue that the points are useless, but I think in this way people are encouraged to do revisions of the packages.

This being a "non-official Debian draft RFC", I wait for your comments :-)

Update (20090425 11:38 GMT-3): Ana told me that very similar things have been already proposed by several people before, and it seems that the FIFO idea just doesn't work. I must admit I was waiting someone to come up with this, but I have ranted and not proposed a solution, so at least with this I have tried :-)