What exactly is a "bundled library"? (was Re: apitrace, bundled libbacktrace)

Adam Williamson adamwill at fedoraproject.org
Thu Jan 8 01:39:02 UTC 2015 

On Tue, 2014-08-19 at 15:19 +0400, Pavel Alexeev wrote:
> 13.06.2014 01:42, Adam Williamson пишет:
> > On Tue, 2014-05-13 at 18:56 +0200, Sandro Mani wrote:
> > > Hi,
> > > 
> > > apitrace 5.0 bundles libbacktrace, which looks like is living 
> > > within the
> > > gcc sources. libbacktrace is not build as a shared library from 
> > > the gcc sources, and not packaged.
> > > 
> > > Is it feasible to build libbacktrace as a shared library and 
> > > ship it in a corresponding package? Or should I rather go for a 
> > > bundling exception request?
> > So in writing a reply to this, I noticed the guidelines around 
> > this are actually fairly unclear and subject to interpretation.
> > 
> > The section on this topic from 
> > https://fedoraproject.org/wiki/Packaging:Guidelines reads:
> > 
> > "Duplication of system libraries
> > 
> > A package should not include or build against a local copy of a 
> > library that exists on a system. The package should be patched to 
> > use the system libraries. This prevents old bugs and security 
> > holes from living on after the core system libraries have been 
> > fixed.
> > 
> > In this RPM packaging context, the definition of the term 
> > 'library' includes: compiled third party source code resulting in 
> > shared or static linkable files, interpreted third party source 
> > code such as Python, PHP and others. At this time JavaScript 
> > intended to be served to a web browser on another computer is 
> > specifically exempted from this but this will likely change in the 
> > future.
> > 
> > Note that for C and C++ there's only one "system" in Fedora but 
> > for some other languages we have parallel stacks. For instance, 
> > python, python3, jython, and pypy are all implementations of the 
> > python language but they are separate interpreters with slightly 
> > different implementations of the language. Each stack is 
> > considered its own "system" and can each contain its own copy of a 
> > library."
> > 
> > *entirely* clear, though, really.
> > 
> > The page https://fedoraproject.org/wiki/Packaging
> > :No_Bundled_Libraries has all sorts of rationale and process 
> > stuff, but still no clear definition of precisely what it is that 
> > constitutes a "bundled library".
> > 
> > Even more confusingly,
> > https://fedoraproject.org/wiki/Packaging
> > :Treatment_Of_Bundled_Libraries seems to have a rather different 
> > definition from that given on Packaging:Guidelines. It reads:
> > 
> > "(bundled libraries being defined as libraries which exist and are 
> > mantained independently, whether or not they are packaged 
> > separately for Fedora)"
> > 
> > to me, that seems fundamentally different from the definition that 
> > is somewhat unclearly implied on the Packaging:Guidelines page.
> > 
> > Has this been considered before? Is there a superior definition 
> > somewhere, or an accepted interpretation which is consistent with 
> > both pages?
> > 
> > Do we in fact need a section in Packaging:Guidelines and then two 
> > separate 'subsidiary' pages all on the topic of bundled libraries? 
> > Would it make more sense to combine all the details onto a single 
> > subsidiary page and have Packaging:Guidelines just have a very 
> > short sort of 'summary' and a link to that one subsidiary page? 
> > Would that reduce the likelihood of confusion?
> > 
> > Thanks!
> > 
> > I've seen several cases in the Real World where 'bundled' 
> > libraries that are not a part of the Fedora repositories were 
> > considered to be OK under the policy, which is a possible 
> > interpretation of the policy as given on Packaging:Guidelines, but 
> > doesn't really seem to be a possible interpretation of the policy 
> > as given on Packaging:Treatment_Of_Bundled_Libraries (as it 
> > explicitly states "whether or not they are packaged separately for 
> > Fedora"). This could have considerable implementations for webapps 
> > if it were interpreted strictly, I think.

> Sorry for the old thread.
> But it is very interesting question to clearly determine "bundled 
> library" to which returning happened again and again.
> Does it hang again now or something indeed changed?



Yeah, I'm still interested in other people's thoughts on this, I 
rather expected it to get more traction when first posted. I guess 
I'll try one more bump (this one) and if still no-one bites, we can 
file an FPC ticket, perhaps.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net

More information about the devel mailing list