Category: Development (page 1 of 13)

All articles in this category are related to the various Development teams in the Fedora Project, such as package maintainers, quality assurance, and more. https://fedoraproject.org/wiki/Development

Important changes to software license information in Fedora packages (SPDX and more!)

On behalf of all of the folks working on Fedora licensing improvements, I have a few things to announce!

New docs site for licensing and other legal topics

All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at https://docs.fedoraproject.org/en-US/legal/. Other legal documentation will follow. This follows the overall Fedora goal of moving active user and contributor documentation away from the wiki.

Fedora license information in a structured format

The “good” (allowed) and “bad” (not-allowed) licenses for Fedora are now stored in a repository, using a simple structured file format for each license (it’s TOML). You can find this at https://gitlab.com/fedora/legal/fedora-license-data. This data is then presented in easy tabular format in the documentation, at https://docs.fedoraproject.org/en-US/legal/allowed-licenses/.

Historically, this information was listed in tables on the Fedora Wiki. This was hard to maintain and was not conducive to using the data in other ways. This format will enable automation for license validation and other similar process improvements.

New policy for the License field in packages — SPDX identifiers!

We’re changing the policy for the “License” field in package spec files to use SPDX license identifiers. Historically, Fedora has represented licenses using short abbreviations specific to Fedora. In the meantime, SPDX license identifiers have emerged as a standard, and other projects, vendors, and developers have started using them. Adopting SPDX license identifiers provides greater accuracy as to what license applies, and will make it easier for us to collaborate with other projects.

Updated licensing policies and processes

Fedora licensing policies and processes have been updated to reflect the above changes. In some cases, this forced deeper thought as to how these things are decided and why, which led to various discussion on Fedora mailing lists. In other cases, it prompted better articulation of guidance that was implicitly understood but not necessarily explicitly stated. 

New guidance on “effective license” analysis

Many software packages consist of code with different free and open source licenses. Previous practice often involved  “simplification” of the package license field when the packager believed  that one license subsumed the other — for example, using just “GPL” when the source code includes parts licensed under a BSD-style license as well. Going forward, packagers and reviewers should not make this kind of analysis, and rather use (for example) “GPL-2.0-or-later AND MIT”. This approach is easier for packagers to apply in a consistent way. 

When do these changes take effect?

The resulting changes in practice will be applied to new packages and licenses going forward. It is not necessary to revise existing packages at this time, although we have provided some guidance for package maintainers who want to get started. We’re in the process of planning a path for updating existing packages at a larger scale — stay tuned for more on that!

Thank you everyone!

A huge thanks to some key people who have worked tirelessly to make this happen: David Cantrell, Richard Fontana, Jilayne Lovejoy, Miroslav Suchý. Behind the scenes support was also provided by David Levine, Bryan Sutula, and Beatriz Couto. Thank you as well for the valuable feedback from Fedora community members in various Fedora forums. 

Please have a look at the updated information. If you have questions, please post them to the Fedora Legal mailing list: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/ 

Backwards-incompatible changes in Bodhi

The 6.0 release of Bodhi — Fedora’s update gating system — will be published in a few days. We will deploy it to production a couple weeks after the Fedora release. It includes backwards-incompatible changes. Here’s what you need to know.

Continue reading

Anaconda is getting a new suit and a wizard

In January, we published “Anaconda is getting a new suit” to let you know that we’re looking to modernize and improve Anaconda’s user experience. Before starting the redesign work for the Anaconda installer, the team reviewed user feedback and usability study data that we’ve gathered over the years. 

Continue reading

Collecting ideas for “Feature Spotlight” articles

How do we – as in, the developers and package maintainers who are working on Fedora Linux – make sure people actually know about all the cool stuff we’re doing? That’s the question at the heart of previous discussions on the “devel” mailing list (How do we announce new packages?) and on discourse (Idea for collecting “Cool New Features / Cool New Packages” article ideas).

As it turns out, the answer to that question is: “If what you’ve worked on isn’t big or noteworthy enough, then there’s no place for you”. That’s not good, and it’s why I started working on “Feature Spotlight”.

Continue reading

Anaconda is getting a new suit

It’s quite some time since we created the current GTK based UI for Anaconda: the OS installer for Fedora, RHEL, CentOS. For a long time we (the Anaconda team) were looking for possibilities to modernize and improve the user experience. In this post, we would like to explain what we are working on, and—most of all—inform you about what you can expect in the future.

Continue reading

F35 retrospective results

After the release of Fedora Linux 35, I conducted a retrospective survey. I wanted to see how contributors felt about the release process and identify possible areas we can improve. There was no particular reason to start this with F35 except for that’s when I got around to doing it. So how did F35 go? Let’s look at the results from the 63 responses.

Continue reading

Looking at Fedora Linux 33 bugs

At Nest, I delivered a talk called “Exploring Our Bugs“. But a single snapshot isn’t very useful. Building on the work there, let’s make this a regular thing. With the recent Fedora Linux 33 end-of-life, I’ve added F33 bugs to the bug exploration notebook. Here’s a few of my key findings.

Trends

After a drop in bug reports in F32, F33 had about as many bug reports as F31. This is reflected in both bugs marked as duplicate and non-duplicate bugs.

Duplicate bug reports by release

Bug reports coming from abrt recovered to roughly the historical average after a surprisingly low F32.

Sources (abrt or non-abrt) of bug reports by release

We fixed roughly the same amount of F33 bugs as in the last few releases. But with the increase in overall bugs, that means we left more unfixed bugs this time around. The dramatic increase in bugs closed EOL reflects this.

Bug reports by closure type each release
Percentage of bug reports closed end-of-life by release

The good news is that we are getting faster at fixing the bug reports that we do fix.

Mean and median time to “happy” bug report resolution by release.

New graphs!

I re-downloaded the historical data to add some additional fields. This allowed me to take a look at a few areas we hadn’t examined previously.

Security

The first area I wanted to look at is the number of bugs tagged as being security-related. Fedora Linux 33 had the highest count of security bugs, with over 1200. Looking at the graph, there’s a big jump between F26 and F27. This suggests a process change. I’ll have to check with Red Hat’s product security team to see if they have an explanation.

Security bugs by release

The good news is that we’re fixing more security bugs than we’re not. The bad news is that the proportion of security bugs going unfixed is increasing. To be more correct, more bug reports are not marked as fixed. Security fixes often come in upstream releases that aren’t specifically tied to a Bugzilla bug.

Fixed and unfixed security bugs by release

Like with other bug reports, we’re fixing security bugs fixed faster than in the past. 50% of security bugs are resolved within about two weeks.

Mean and median time to resolution for security bugs by release

QA processes

I also wanted to look at how our QA processes are reflected in the bugs. During discussion of an F35 blocker candidate, Adam Williamson commented that it seemed like we were being looser in our interpretation of release criteria lately. In other words, bugs that would not have been blockers in the past are now. The numbers bear this out. While the number of both accepted and rejected blockers is down significantly from F19, there’s a general upward trend in accepted blockers from F30.

Accepted and rejected blockers by release

We have a big increase in accepted freeze exceptions recently. In fact, it looks exponential. Interestingly, the number of rejected freeze exceptions are roughly the same in that time.

Accepted and rejected freeze exceptions by release

Finally, I was curious to see if our use of the common bugs mechanism has changed over time. It has: we mark far fewer bugs compared to five+ years ago. I will be interested to see if the experiment that uses Ask Fedora to handle common issues changes the trends at all. We’ll have to wait until May 2023.

Number of bugs tagged as a common bug per release

#analysis

The graphs are pretty, but what do they mean? We have to be careful to draw too deep of conclusions. What’s in Bugzilla represents bug reports, not necessarily bugs. Some reports aren’t actual bugs and some bugs don’t have reports. And there’s a lot of “why” that we can’t pull from a summary analysis.

That said, it’s clear that we’re getting more bug reports than we can handle. Some of these should properly be filed upstream. How can we improve on the rest? We can’t do it all at once, but perhaps by working on some subset, we can make improvements. The one that jumps out to me is the security bugs. Can we bring more attention to those? I’ll spend the holiday break thinking about how to make them more visible so that they’re fixed or handled more quickly.

In the meantime, I’d love to hear your ideas, too. If you’d like to examine the data for yourself, everything is in the fedora-bug-data repo.

tmt hint 02: under the hood

After making the first steps with tmt and investigating the provisioning options let’s now dive together a little bit more and look Under The Hood to see how plans, tests and stories work together on a couple of examples.

Continue reading

CPE to staff EPEL work

We are pleased to announce that Red Hat is establishing a small team directly responsible for participating in EPEL activities. Their job isn’t to displace the EPEL community, but rather to support it full-time. We expect many beneficial effects, among those better EPEL readiness for a RHEL major release. The EPEL team will be part of the wider Community Platform Engineering group, or CPE for short.

As a reminder, CPE is the Red Hat team combining IT and release engineering from Fedora and CentOS.
Right now we are staffing up the team and expect to see us begin this work from October 2021. Keep an eye on the EPEL mailing list and the associated tracker as we begin this exciting journey with the EPEL community.

Exploring our bugs, part 3: time to resolution

This is the third and final part of a series I promised during my Nest With Fedora talk (also called “Exploring Our Bugs”). In this post, I’ll analyze the time it takes to resolve bug reports from Fedora Linux 19 to Fedora Linux 32. If you want to do your own analysis, the Jupyter notebook and source data are available on Pagure. These posts are not written to advocate any specific changes or policies. In fact, they may ask more questions than they answer.

Continue reading
Olderposts

Copyright © 2022 Fedora Community Blog

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Theme by Anders NorenUp ↑