Package Review Guidelines

This is a set of guidelines for Package Reviews. Note that a complete list of things to check for would be impossible, but every attempt has been made to make this document as comprehensive as possible. Reviewers and contributors (packagers) should use their best judgement whenever items are unclear, and if in doubt, ask on the Fedora packaging list .

Package Review Process

Contributors and reviewers MUST follow the Package Review Process, with the following exceptions:

  • FPC grants an explicit exemption from the process, as indicated here.

  • The package is being created so that multiple versions of the same package can coexist in the distribution (or coexist between EPEL and RHEL). The package MUST be properly named according to the naming guidelines and MUST NOT conflict with all other versions of the same package.

  • The package exists in both Fedora and RHEL, but the packager wants to ship it in EPEL under an alternative name (as required by EPEL policy) to provide a subpackage that exists in Fedora but does not exist (or is not shipped) in RHEL.

Things To Check On Review

There are many many things to check for a review. This list is provided to assist new reviewers in identifying areas that they should look for, but is by no means complete. Reviewers should use their own good judgement when reviewing packages. The items listed fall into two categories: SHOULD and MUST.


  • SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. footnote:[Licensing Guidelines: License Text]

  • SHOULD: The reviewer should test that the package builds in mock. footnote:[Using Mock to test package builds]

  • SHOULD: The package should compile and build into binary rpms on all supported architectures. footnote:[Packaging Guidelines: Architecture Support]

  • SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example.

  • SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. footnote:[Packaging Guidelines: Scriptlets]

  • SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. footnote:[Packaging Guidelines: Requiring Base Package]

  • SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. footnote:[Packaging Guidelines: Pkgconfig Files]

  • SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. footnote:[Packaging Guidelines: File and Directory Dependencies]

  • SHOULD: your package should contain man pages for binaries/scripts. If it doesn’t, work with upstream to add them where they make sense.footnote:[Packaging Guidelines: Manpages]

A note on dependencies

It is often useful to submit a package for review along with its dependencies in separate tickets. As long as the submitter sets up the Depends on: and Blocks: fields in bugzilla properly, this is not an issue, and it is perfectly possible to review these packages before the full dependency chain is in the distribution (by maintaining a local repository, building and installing the packages locally, or maintaining a Copr).

However, please keep in mind that you cannot do koji builds if all of the build dependencies are not met (because you cannot provide additional dependencies to koji) and when the time comes to build these packages, they must be built in order and you must wait between builds for the dependencies to make it into the appropriate branch of the distribution. For the devel branch (Rawhide) this happens frequently and can be automated using chain builds, but for release branches each package must make it all the way to stable before the next package in the chain can be built.

Please also note that while you may actually be able to build a package because all of its build-time dependencies are met, the package may still be non-installable (and thus useless) if its runtime dependencies are not met. A package MUST not be built if any of its runtime dependencies are unsatisfied.

References to the Fedora Packaging Guidelines