A reliable, transparent, high-volume package review infrastructure was implemented with the Open Build Service (OBS). In OBS, a software package can travel through several projects. Submission review is done at project-specific gates to control such travel.
The openSUSE:Factory project currently defines review gates for license compliance, security and packaging. Together with an issue tracking system, we create a community-friendly ecosystem that implements project policies. Centralized gatekeepers or dedicated review periods are eliminated. Propagation delay is minimized.
With OBS providing the hooks to add review authorities, we were able to code most of the respective business logic with Python scripts, reusing and extending the osc command line tool as a feature-rich layer on top of the OBS API.
This talk describes the openSUSE project review process and how it helps various stakeholders to exercise their control, using the legal team as a non-trivial example.