[lsb-discuss] Who maintains RPM?

Darren Davis ddavis at novell.com
Thu Aug 24 12:28:51 PDT 2006


I found this posted on another mail list, but thought it would be very
relevant here.


> http://lwn.net/Articles/196523/
>    [LWN subscriber-only content]
>    RPM is an important piece of Linux infrastructure. It is the native 
>    package manager for a number of major distributions, including Red 
>    Hat's enterprise offerings, Fedora, and SUSE. The Linux Standard Base 
>    specification requires that all compliant systems offer RPM - even 
>    those which are built around a different package management system. If 
>    RPM does not work, the system is not generally manageable. So it may be 
>    a little surprising to learn that the current status and maintainership 
>    of RPM is unclear at best.
>    Once upon a time, RPM was the "Red Hat Package Manager." In a bid to 
>    establish RPM as a wider standard - and, perhaps, to get some 
>    development help - Red Hat tried to turn RPM into a community project - 
>    rebranding it as the "RPM Package Manger" in the process. But core RPM 
>    development remained at Red Hat, under the care of an employee named 
>    Jeff Johnson. That, it would seem, is where the trouble starts.
>    Back in early 2004, [1]an RPM bug report was filed. The reporting user 
>    had made a little mistake, in that he had tried to install a package on 
>    a system where /usr was mounted read-only. Needless to say, this 
>    operation did not work as intended - an outcome which the bug reporter 
>    could live with. This person, however, did think that it might have 
>    been better if RPM had not corrupted its internal database in the 
>    process of failing. He suggested that RPM should keep its internal 
>    records in order, even if the system administrator has requested 
>    something which cannot be done.
>    The ensuing conversation - lasting for over two years - deserves to 
>    become a textbook example in how not to respond to bug reports. Mr. 
>    Johnson took the position that, since RPM was being asked to do 
>    something erroneous, its subsequent mangling of the package database 
>    was not a bug. Instead, it seems, this behavior should be seen as an 
>    appropriate consequence for having done something stupid. Mr. Johnson 
>    repeatedly closed the bug, stating his refusal to fix it. Numerous 
>    other participants in the discussion made it clear that they disagreed 
>    with this "resolution" of the bug, but nothing, it seemed, could 
>    convince the RPM maintainer to put in a fix.
>    In February, 2006 - almost two years after the bug report had been 
>    entered - Mr. Johnson posted a one-line comment to the effect that 
>    read-only mounts were properly detected in RPM-4.4.5. This might seem 
>    like the end of the story, except for one little problem: Fedora 
>    currently ships version 4.4.2, and even the Fedora development 
>    repository has not gone beyond that. SUSE remains at 4.4.2, and the 
>    current RHEL offerings have rather older versions. Mr. Johnson has 
>    continued to make RPM releases, but the distributors are not picking 
>    them up. They are, instead, shipping an older version of this crucial 
>    tool, augmented with a rather hefty list of patches.
>    Part of what is happening here is that Mr. Johnson is no longer a Red 
>    Hat employee, having been encouraged to pursue other opportunities. He 
>    does, however, continue to show up on the Red Hat bug tracker when RPM 
>    issues are being discussed; as [2]a current example shows, he does not 
>    appear to have adopted a friendlier attitude toward RPM users (or his 
>    former employer) over time. There has been talk on the mailing lists 
>    about removing his access to the bugzilla database - an action which 
>    may have occurred by now.
>    Red Hat's Greg DeKoenigsberg, who has responsibility for the company's 
>    relations with the development community has [3]stood up and pointed 
>    out, however, that simply silencing one difficult personality will not 
>    address the real problem:
>    When we fired jbj, we didn't have the courage to draw a line in the 
>    sand and say "we're taking upstream ownership of RPM back." Why not? 
>    Because we thought it would be difficult politically? Because we didn't 
>    want the responsibility anymore? Because nobody in management actually 
>    cared enough to think about the ramifications? I don't know.
>    Fast forward a year plus, and here we are. We're in a position where we 
>    have, essentially, forked RPM -- and no one is willing to admit it. No 
>    one is willing to take ownership of what we've done.
>    Perhaps jbj "owns" RPM, in its current incarnation, by default, because 
>    no one else is willing to touch it. That's fine. He can have it. But 
>    that is not what *we* are using.
>    So, when Jeff Johnson walked out the door at Red Hat, he took RPM with 
>    him. Since then, few distributors have wanted to use his releases, but 
>    no other organized project around RPM has come into existence. For the 
>    purposes of the people using distributions from Red Hat and SUSE, RPM 
>    is essentially unmaintained.
>    There has been no clear message to users about the state of RPM. Some 
>    Fedora users have asked, via [4]yet another bugzilla entry, for an 
>    update to Jeff Johnson's current release, but nobody has posted a 
>    definitive reason as to why that will not happen. But it does appear 
>    that there is no interest within Fedora to depend on Mr. Johnson for 
>    anything, much less an important piece of infrastructure, so Fedora 
>    appears unlikely to move to the newer releases.
>    What Greg DeKoenigsberg has said - [5]backed up by Michael Tiemann - is 
>    that the time has come for Fedora and Red Hat to own up to what has 
>    happened and formalize the new status of RPM. The current situation, 
>    where RPM has been forked but nobody is saying so, will not lead to 
>    anything good in the long run. The new RPM - perhaps the "Red Hat 
>    Package Manager" yet again - needs to have its existence acknowledged 
>    and its maintainership made clear. Either that, or Red Hat and Fedora 
>    should acknowledge the current RPM maintainer and move toward rejoining 
>    with his version of the code. Until one of those things happen, there 
>    will continue to be a dark cloud of uncertainty surrounding a tool 
>    which is heavily depended upon by vast numbers of Linux users.
>    (See also: the [6]the Fedora rpm-devel wiki page, which lists features 
>    found in the current RPM release but not in Fedora's version).
> References
>    1. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119185
>    2. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143301
>    3. http://lwn.net/Articles/196532/
>    4. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174307
>    5. http://lwn.net/Articles/196533/
>    6. http://fedoraproject.org/wiki/rpm-devel

More information about the lsb-discuss mailing list