reopen 55541

Ludovic Courtès schreef op vr 24-06-2022 om 22:56 [+0200]:
> These are all good points and I appreciate that you did such a thorough
> review (audit?) of the package!

I looked through the code a bit, didn't check every file, so I wouldn't
call it an audit.

> 
> That said, I think it’s a bit too much to ask of a downstream packager
> or user to address these issues.  As I see it, these issues should be
> reported upstream and addressed upstream.
> 
> I hope that makes sense!

AFAICT the issues have not been reported upstream yet, so I don't think
we can close this entry on debbugs yet.  While I'd like for downstream
packaging to be trivial, the sad reality is that sometimes is not the
case, the issues are still there and need to be resolved somehow (fixed
downstream or upstream, or reported upstream).

If not by the new downstream packager that submitted the patch, then by
the the one committing the patch, or by a reviewer, or by some more
neboluous role of a random Guix contributor, or in some exceptional
cases the issue could be considered ‘too difficult and not too bad’
with some corresponding reasoning.  (It's most efficient if the
reporting or fixing is done directly by the submitter, but if the
submitter can't do it for whatever reason, then surely something can
eventually be worked out by other people, albeit more slowly.)

However, AFAICT, none of that has happened yet.

More generally, I don't think we should have an ‘packages included in
Guix should be good, unless submitted by a newbie’ exception.  Also,
potentially the new submitter would _like_ to learn more about Guix
(and have time for it, etc.) and learn how to improve things?

In the future, if someone submits a patch and I notice it has some
complicated problems, should I just ignore the complicated problems and
just LGTM?  This seems contrary to the concept of reviewing to me. 
(This is probably not what you meant, but to me, this is implied by
your response.)

Greetings,
Maxime.