Proposal to reduce anti-bundling requirements

[Stephen Gallagher]

On Thu, 2015-09-10 at 15:10 -0400, Przemek Klosowski wrote:
> On 09/10/2015 09:53 AM, Stephen Gallagher wrote:
> > The point of software is to provide a service to an end-user. Users
> > don't run software because it has good packaging policies, they run
> > software because it meets a need that they have. If they can't get
> > that software from Fedora, they *will* get it from another source
> > (or
> > use a different OS that doesn't get in their way). I'll take a
> > moment
> > to remind people that two of Fedora's Four Foundations are
> > "Features"
> > and "First". We want Fedora to be the most feature-complete
> > distribution available and we want to get there before anyone else
> > does. I would say that holding to our no-bundling policy actively
> > defeats our efforts on that score.
> Those are valid points, but I think that there are alternative
> approaches to address them. 
> Can containerization it be leveraged to handle the packages which
> require bundling? This way, we could maintain the principled stance,
> and use containers with bundling packages as a temporary measure.
> 

As I noted elsewhere on the thread, containers are a separate issue.
In the real world, they are essentially the bundling problem in a
superlative state: to build a container you simply *must* bundle
everything into it (minus the kernel).

That said, we have plans for how to construct containers from RPMs so
that we can more easily track their contents. I think this proposal
has more to do with that part of the container problem than the actual
containers themselves.


> Secondly, I would argue that the 'Freedom' requirement results in
> more restrictions in functionality than the 'no-bundling'
> requirement. We deal with that by having specific 'rpmfusion'
> repositories, and this workaround is well known, documented and
> accepted---so maybe another approach is to have a 'rpmfusion-
> bundled' repo?

rpmfusion exists due to a completely unrelated set of policies (some
legal in the case of the rpmfusion-nonfree repository) and some
philosophical (in the case of rpmfusion-free). It has nothing to do
with bundling; rpmfusion follows pretty much the same bundling rules
as Fedora.


> > The reason for this proposal is relatively simple: we know the
> > advantages to unbundling, particularly with security and resource-
> > usage. However, the world's developer community largely *does not
> > care*. We fought the good fight, we tried to bring people around to
> > seeing our reasoning and we failed.
> I think we should really pause and think about what does the 'does
> not care' mindset entail. It's not just the attitude towards
> bundling: it extends to security problems, integration issues, and
> who knows what other aspect of the product. I concede that it's, as
> you said, a list of the same tired arguments---but  they do have a
> point!  I think it is a mistake to declare defeat, even if it's
> nominally only on the specific issue of bundling. 
> 


One can only tilt at windmills for so long before one's horse gives
out. This battle has been fought for years and while it has not been
entirely fruitless, it's not yielding significant results. In many
cases, it is actively hindering our ability to deliver to our users
that which they desire: applications and services.

As I noted in my initial proposal, from a philosophical standpoint, we
should absolutely keep working to get upstreams to come around (at
least for common and important libraries like zlib and openssl), but
blocking inclusion until the upstream meets our definition of
"perfect" is having a net harmful effect on Fedora's position (which
reduces our market/mindshare and therefore our bargaining position to
get upstreams to make changes).


> I do understand the pragmatic motivation of your proposal, but we
> have to calibrate it against the real and possible detriments. Taken
> to the extreme, an overly permissive approach _could_ introduce
> enough crud to affect the  entire system.  Please forgive me for
> sounding alarmist and cynical but  I am old enough to remember the
> 1990's FTP collections. They were full of projects  started by well-
> intentioned, pragmatic developers,  which evolved into an
> unmaintaintainable mess ---I am so glad that we left that behind.


Yes, take anything to extremes and you paint a picture that is stark,
horrifying and unrealistic. But I honestly believe that we need to
compromise at least a bit or else we'll cease to be relevant. A
distribution with a tiny user-base would have absolutely no leverage
to make demands on an upstream, so at the minimum we need to rebuild
our presence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150911/2252dd94/attachment.sig>