NOTE: This is a draft document, and does not represent policy or accepted practises. Once the process is accepted, this note should be removed.
We need to ensure that all packages and distributions that CentOS produces are sanitised in a way that they don't mislead the user into thinking they might be running an upstream product. We also need to make sure that any trademark content is handled appropriately, removing anything that needs to go and replacing it with CentOS content.
Things that we need to address:
- Places where upstream contact details like url or email address are mentioned as potential places to get support from.
- Code that checks /etc/ files for content to ascertain what distro is being used needs to be adapted so they are aware of CentOS.
- Any artwork that might indicate that the package is an upstream build or product. eg: themes and wallpaper, bootup splash images, logos that are sometimes visible in the 'About' window of apps etc.
- Any trademark'd content needs to be handled appropriately.
- Sometimes rpm spec files contain specific mention of products. eg 'Fedora Linux' that would need to be changed so users looking at this info are clear they are using a CentOS build.
- All rpms should be clearly marked with their Vendor tag stating 'CentOS'.
- All rpms must be signed with the appropriate CentOS key.
Things that should not change :
- Mention of upstream domain names or usernames in code, either in copyright notices or otherwise.
- Mention of upstream urls and email addresss where they indicate code origin.
Workflow
Anyone can make a change recommendation to meet the above mentioned sanity tests. Rather than using the issue tracker, we are going to use a dedicated web app for this task.
- User puts forward a change recommendation, status is marked : needs-verification
QaTeam member considers the change recommendation, status is marked : Verified or Rejected
- Developer considers the change recommendation and either 'accepts' it or sends it back to QA wth status 'needs-verification'.
- Once accepted, the source rpm is patched and the packages rebuilt with this patch
- Depending on the case, all previous builds for this package might be removed from publicly visible CentOS infrastructure
- Once accepted, the source rpm is patched and the packages rebuilt with this patch
- Developer considers the change recommendation and either 'accepts' it or sends it back to QA wth status 'needs-verification'.
Change Recommendations
Found something that you think needs to be changed to meet the above mentioned issues ? Anyone can file these requests. Here's how:
- First step is to identify what rpm carries the content you want to recommend a change for
You need to then find the source rpm which was used to build this rpm. This is an important step, since we only track packages based on the name of the source rpm that was used at buildtime. You can find the source rpm name for the package that needs attention by running : rpm --qf "%{SOURCERPM}\n" -q <your rpm>
goto http://url/ptrack and create a new login ( if you dont already have one ) for yourself
- select the name of the source rpm and that will bring up a list of all changes recommended, so far, against that package. Check that your request is not already on that list. If it is, you can vote for that change by clicking on the 'vote' button.
- If your request is not already on the list : In the 'Feedback' field make a clear texual note of what you think needs changed and why. This needs to be in english only.
- If you have a patch that makes this change, you can submit the patch into the 'With Patch:' text area 1, Click submit and from here on all progress to your request will be emailed to you.
Comments and discussion
All comments and discussions about the sanity tests should be directed to the centos-devel mailing list. More info about the lists at : GettingHelp/ListInfo