Who is Allowed to Modify Which Packages

With the current Git layout each member of the provenpackager group can modify most packages. As an exception, some specific packages can be closed to provenpackagers, upon FESCo approval.


Normally the maintainer that is listed as primary maintainer in the dist-git repository of a package is the only one who modifies the package or gives others permission (e.g. by accepting them as co-maintainers) to commit and build changes for that package. Bugzilla or repository’s pull requests are normally the best way to contact the package maintainer or to send them patches and suggestions because they are neutral and trackable; but poking people once or twice in IRC or directly via mail might be a good idea.

But there are certain exceptions where maintainers need to accept that other packagers will modify the packages they are responsible for. Those exceptions are described in detail below. They mostly boil down to this: In any of the following cases, the provenpackagers are allowed to fix stuff in other peoples packages:

  • a packager doesn’t fix important bugs in time

  • there are problems known that might be bad for the whole Project or to a lot of users of the repo/a particular package

  • the changes are quite minor or considered as a general cleanup to a lot of packages

  • the changes are part of a Fedora Objective, with a specific plan approved by FESCo


This is section will try to explain above rules in more detail. It will never be able to cover all things that might arise in Fedora, but it should give everyone some idea how to lay out the above rules.

Unhandled issues

Packagers should keep track of the packages for which which they are responsible. That means:

  • respond in bugs reported in bugzilla, especially fast if it’s a serious problem like a security issue

  • fix issues without explicit poking if it is mentioned in the problem reports somewhere — that includes:

    • fix EVR problems, when they get mentioned in problem reports (for example, a broken upgrade path)

    • fix dependency issues (including those in the devel repo) — the script sends problems to both the maintainer and the list

    • participate in mass-rebuilds and fix Fails to Build from Source bugs

  • update to new versions of software as it becomes available upstream, following the updates policy

If the packager doesn’t keep track of those items, then other experienced packagers are free to fix stuff for them. It’s impossible to set a timeframe when a contributor should step forward to fix stuff because that depends on how bad the problem that needs fixing actually is. But some examples:

  • security problems:

    • Important stuff should be fixed as quickly if possible — waiting one day for the maintainer to show up and step in to fix a issue that got reported to them is considered more than enough; there may even be situations where issues need to be fixed quicker

    • not that important problems should be dealt with quickly, too — waiting for 2-7 days (depending how bad the issue is) is considered enough

  • bugs needing similar treatment like security problems:

    • Important stuff (data corruption for users) should be fixed as quick if possible — waiting one day is considered more than enough here, too

    • harmful, but not that bad bugs that might hurt users — waiting for 2-14 days (depending how bad the issue is) is considered enough

    • annoying, but not that harmful bugs — waiting for 21 days is considered enough

Some notes:

  • If a packager is offline for longer time periods (for example five days or longer) due to vacation, traveling or other issues they may announce that on the vacation calendar. In this case, others know not to expect an answer before the packager returns and can immediately proceed to fix things (e.g. if a Security Fix needs to be applied).

  • Unhandled actually really means completely unhandled — if the maintainer responded once in a bug report, but fell silent afterwards, try to ping them again, maybe they have just forgotten about this bug. Or there might be some good reason why they have not yet committed the provided fix.

  • If you committed changes to another package wait some hours if possible (normally 24 or 48) before you actually build the updated package as long it is nothing serious that should be fixed quickly (security problems, …​). That leaves some time for the maintainer to wake up.

  • Experienced packagers should limit their changes to other people packages to things that are well agreed upon. I.e. don’t fix things considered somewhat controversial or a matter of style.

Minor, general or cleanup changes

Sometimes there are situations where it’s simply a lot easier to fix stuff directly in Git than via bugzilla and the proper maintainers. So much easier that we should leave this path open. These situations shouldn’t arise that often. Some examples of situations where bypassing the proper maintained is considered fine:

  • support for a new architecture — that often requires that a lot of packages need adjustments or patches that packagers often can’t even test themself. Getting all those modifications in via bugzilla is a lot of annoying work, so these things can be fixed directly in rawhide without contacting the individual maintainers if the general effort was announced beforehand. A SIG should handle the stuff and continue with normal operations after the initial porting efforts are finished.

  • small fixes or adjustments for new or modified packaging guidelines can be done directly in Git after being announced some days in advance.

  • mass rebuilds.

Changes for Fedora Objectives

Sometimes, we may want to make big changes which go beyond cleanup, in support of a Council-approved Fedora Objective. These changes will be easier to make in coordination rather than individually. In these situations, FESCo will discuss a plan, including the scope of the changes and communicate that via the devel list.