checklist for reviewing an spkg?
Alex Ghitza
I feel a bit guilty asking this after having assigned reviews to
people (the response has been great btw, thanks!), but I realise that
my Sage development education has a significant flaw: I don't know the
proper way to review an spkg.
There is good documentation in the developer guide for (a) creating an
spkg and (b) reviewing patches in trac. However, I couldn't find
anything about reviewing spkg's, and some things are rather different
from just patches. For instance, does one have to build the spkg on
all platforms supported by Sage? Should one check that spkg-install
and SPKG.txt conform to the recommendations for making an spkg? Is
the procedure for experimental/optional spkg's different than the one
for standard spkg's?
What I am looking for is a step-by-step description that would guide
me through that process of reviewing, so that I don't give a positive
review to something that will create a Sage botnet :) Does such a
document exist? If not, can the accumulated wisdom of sage-devel put
one together?
Best,
Alex
--
Alex Ghitza -- Lecturer in Mathematics -- The University of Melbourne
-- Australia -- http://www.ms.unimelb.edu.au/~aghitza/
Robert Bradshaw
> Hello sage-devel,
>
> I feel a bit guilty asking this after having assigned reviews to
> people (the response has been great btw, thanks!), but I realise that
> my Sage development education has a significant flaw: I don't know the
> proper way to review an spkg.
>
> There is good documentation in the developer guide for (a) creating an
> spkg and (b) reviewing patches in trac. However, I couldn't find
> anything about reviewing spkg's, and some things are rather different
> from just patches. For instance, does one have to build the spkg on
> all platforms supported by Sage? Should one check that spkg-install
> and SPKG.txt conform to the recommendations for making an spkg? Is
> the procedure for experimental/optional spkg's different than the one
> for standard spkg's?
>
> What I am looking for is a step-by-step description that would guide
> me through that process of reviewing, so that I don't give a positive
> review to something that will create a Sage botnet :) Does such a
> document exist? If not, can the accumulated wisdom of sage-devel put
> one together?
This probably isn't complete, but it's what I typically do:
(1) See what's changed. Use diff, or often they just downloaded newly-
released sources. Here you have to judge how much you trust upstream
and the person who packaged it up.
(2) Look at the spkg install, often it's exactly the same as before.
(3) Make sure SPKG.txt is up to date, as well as any revision control
repo.
(4) Install and test all.
- Robert