Please keep fedora-review alive

09. 01. 2023 | Jakub Kadlčík | EN fedora packaging fedora-review

The fedora-review is an essential tool for reviewing new Fedora packages. It helps us ensure that they are of a good enough quality, don’t violate any licenses, and don’t unpleasantly surprise our users. And it needs more developers.


Thousands of new packages are added to Fedora every year and approximately half of them are reviewed using the fedora-review tool. Every year, a couple of hundred packages are created using a spec file generator (e.g. rust2rpm) and reviewers often shortcut the process using their own simplified checklist. The rest of the packages are not being reviewed via the fedora-review tool for reasons that I can only speculate. You can check how I obtained the data.

Package reviews throughout the years and fedora-review usage in the blue color.

Unfortunately, the fedora-review project doesn’t receive as much love and attention it needs. All of the current maintainers are prominent members of the Fedora community, and as such, they are occupied with other high-priority projects, leaving the
fedora-review as a side gig. In any case, big thanks to every one of them for making the time to work on this project at all. It’s appreciated.

We really need it

According to the Package Review Guidelines, reviewers need to go through a checklist of 31 items that every new package must, and 9 items that it should comply with. On top of this, there are additional checks based on the programming languages used for the package source code. They are more loosely defined but for example, I found at least 28 items for python.

Let’s take a closer look at one of the more amusing items on the checklist for every package.

MUST: The package must meet the Packaging Guidelines .

The Fedora Packaging Guidelines is a 738 pages long document (It is a website actually, so I saved each subpage into PDF and counted the pages). Moreover, it is a live document, so every reviewer needs to keep up with the changes.

I think that we can agree that without any automation, this is a lot of manual labor. That’s where the fedora-review tool comes in handy. It cuts down the number of manual checks to about half. I also think we didn’t reach its limits yet, many more checks can be (semi)automatized, it’s only a matter of implementing it.

Do the math - If implementing one check costs 2 hours of developer time, and it saves one minute to a reviewer - with 1000 reviews per year, that’s 16 hours saved per year.

Additionally, the Fedora Review Service now automatically runs fedora-review for each package review ticket, saving the reviewers even more time.

Every fedora-review improvement saves us time and money, please keep developing it.