You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently PRs to recipes can be approved by any member. A particular stumbling point with this is when the bot picks up a change to a pypi repo and makes an automatic PR and blindly performs a review and approves the PR with no knowledge of the package. As examples a new package may require requirements updating, or a change to a build script in order for the resultant pacakge to work correctly, as the build process does not run complete testing more simply "if it compiles it works".
IIRC conda-forge has the mechanism that only maintainers listed in the meta.yaml can approve a PR.
The text was updated successfully, but these errors were encountered:
Conda-forge has the luxury of allowing per-package maintainers because they have per-package repositories (this has its own set of issues). There's no real mechanism on github to enforce this except keeping a massive "owners" file. That would theoretically be possible, but would be a rather large effort. Perhaps a good compromise would be for the bot to automatically ping the listed maintainers, so they're promptly notified of the updated PR.
I would think it isn't too difficult to, for example, make a CI test that fails until the point at which a maintainer listed in the meta file has approved the PR.
The problem you have currently is that there's a handful of users, possibly well intentioned but also I suspect in some part just trying to gain kudos, approving PRs for software for which they have absolutely no knowledge. This undermines the review process and you may as well simply have the bot auto merging the PRs it's making.
(Please move this to another project if desired).
Currently PRs to recipes can be approved by any member. A particular stumbling point with this is when the bot picks up a change to a pypi repo and makes an automatic PR and blindly performs a review and approves the PR with no knowledge of the package. As examples a new package may require requirements updating, or a change to a build script in order for the resultant pacakge to work correctly, as the build process does not run complete testing more simply "if it compiles it works".
IIRC conda-forge has the mechanism that only maintainers listed in the meta.yaml can approve a PR.
The text was updated successfully, but these errors were encountered: