Please keep fedora-review alive
The fedora-review is an essential tool for reviewing new Fedora packages. It
helps us ensure that they are of a good enough quality, don’t violate any
licenses, and don’t unpleasantly surprise our users. And it needs more
developers.
Stats
Thousands of new packages are added to Fedora every year and approximately half
of them are reviewed using the fedora-review tool. Every year, a couple of
hundred packages are created using a spec file generator
(e.g. rust2rpm) and reviewers often shortcut the process using their
own simplified checklist. The rest of the packages are
not being reviewed via the fedora-review tool for reasons that I can only
speculate. You can check how I obtained the data.
Package reviews throughout the years and
fedora-review usage in the blue color.
Unfortunately, the fedora-review project doesn’t receive as
much love and attention it needs. All of the current maintainers are prominent
members of the Fedora community, and as such, they are occupied with other
high-priority projects, leaving the fedora-review as a side gig. In any
case, big thanks to every one of them for making the time to work on this
project at all. It’s appreciated.
We really need it
According to the Package Review Guidelines, reviewers need to go through a checklist of 31 items that every new package must, and 9 items that it should comply with. On top of this, there are additional checks based on the programming languages used for the package source code. They are more loosely defined but for example, I found at least 28 items for python.
Let’s take a closer look at one of the more amusing items on the checklist for every package.
MUST: The package must meet the Packaging Guidelines .
The Fedora Packaging Guidelines is a 738 pages long document (It is a website actually, so I saved each subpage into PDF and counted the pages). Moreover, it is a live document, so every reviewer needs to keep up with the changes.
I think that we can agree that without any automation, this is a lot of manual labor. That’s where the fedora-review tool comes in handy. It cuts down the number of manual checks to about half. I also think we didn’t reach its limits yet, many more checks can be (semi)automatized, it’s only a matter of implementing it.
Do the math - If implementing one check costs 2 hours of developer time, and it saves one minute to a reviewer - with 1000 reviews per year, that’s 16 hours saved per year.
Additionally, the Fedora Review Service now
automatically runs fedora-review for each package review ticket, saving the
reviewers even more time.
Every fedora-review improvement saves us time and money, please keep
developing it.