<div dir="ltr"><div><div>On Wed, Jan 22, 2014 at 5:39 PM, Matthew Garrett <<a href="mailto:mjg59@srcf.ucam.org">mjg59@srcf.ucam.org</a>> wrote:<br>> You want that set of channels to include a number of third-party vendors<br>
> who distribute non-free software. There's a few practical problems here<br>> - how do we choose those vendors? What process do we have for ensuring<br>> that they aren't distributing malicious code? What if they provide a<br>
> package that breaks software that we ship as part of Fedora? What if a<br>> vendor with a known history of shipping broken software requests<br>> inclusion and kicks up a PR storm if we refuse?<br><br>Every single retailer is facing these questions about the products arriving from the vendors, and somehow they manage. This should not be <i>that huge</i> a deal in practice; primarily it's a matter of mindset, abandoning the "full-featured and self-contained distribution" expectation.<br>
<br></div>(It seems that sandboxing the third-party software is what the world is converging on, but we've also had >30 years of software products for sale before sandboxing existed.)<br></div> Mirek<br><div><div>
<div><br></div></div></div></div>