Back in 2020, the EPEL Packagers SIG was created. This was a separate and smaller group from the overall EPEL SIG. The intent was for this SIG to function somewhat like “proven packagers for EPEL”, but also have some similarities with language or topic based SIGs such as the Python SIG. The idea was that members of the SIG could request branches for new EPEL versions and share in the ongoing maintenance of those EPEL packages. It was implemented as a FAS group that needed to be granted permission on a package-by-package basis, so it was opt-in for Fedora maintainers.
Fast forward to today, and I do not believe the EPEL Packagers SIG is in a healthy state.
- The SIG has permissions on a huge number of packages that have nothing to do with each other, so many that the notifications are overwhelming. It has gotten so bad that some people have voluntarily left the SIG.
- The SIG is mostly used for requesting branches, with very little ongoing maintenance via SIG permissions. This often results in Fedora maintainers being stuck with bugs they never signed up for, which is not fair to them.
- We’ve run into situations where people don’t respond to bugzillas for EPEL packages that they themselves have branched and built via SIG permissions. This type of behavior was recently mentioned on the epel-devel mailing list.
- In our package request guide, there is a template for SIG members to use that asks for the user and the SIG to be added as co-maintainers. This is exacerbating the other problems, especially the lack of long term ownership as it is resulting in situations that I would summarize as “oh I didn’t mean it, I was just copying the template”.
- A tracker bug was created with the intent that SIG members could use it to find packages to help with, but to my knowledge it has never been used for that purpose.
We’re in a situation now where this SIG is hurting the overall reputation of EPEL.
I propose that we officially deprecate the EPEL Packagers SIG, and eventually remove it entirely.
If we move forward with this, the first step would be to remove mention of the SIG from the request template. When maintainers are requesting to co-maintain packages to build them for EPEL, they would do so only via their direct account, not group membership. Ideally this would foster a greater sense of ownership. We wouldn’t need to remove the SIG from every package it has access to overnight, but we could consider an automated approach, or even look for a way to not carry this group forward to the new dist-git forge when that migration eventually happens.
I think one of the flaws that got us to this point with this current SIG is that the scope is far too wide (literally any packages that could go into EPEL). For closely related sets of packages, it may make sense to replace the EPEL Packagers SIG with another more focused SIG with fewer members. I think a small SIG with access to a related set of packages that all the members care about is a better model than a large SIG with access to far too many unrelated things.
Proven packager is still available for maintainers that do truly want elevated permissions to many packages, and we should encourage EPEL maintainers to pursue that if they are interested. It doesn’t allow people to request new EPEL branches, but at this point I think that is for the best. If you want to request branches, you should be a direct maintainer of the package.
We’re in the middle of an exciting bring up of EPEL 10, and it has been moving quickly in part due to the ease of requesting branches via EPEL Packager SIG membership. Deprecating the SIG will slow this effort down to a degree, but it is probably for the best. To avoid being blocked in EPEL waiting for dependencies in the future, I recommend co-maintaining the dependencies of your packages whenever possible.