Proposal to reduce anti-bundling requirements
Haïkel
hguemar at fedoraproject.org
Fri Sep 18 14:28:34 UTC 2015
2015-09-15 13:02 GMT+02:00 Ralf Corsepius <rc040203 at freenet.de>:
>
> a) We don't have any such tracking system.
If maintainers followed FPC recommendations on that matter, it will be
very easy to have one.
I have in my TODO to implement one for CentOS Cloud SIG to track
security issues for some horrible packages
> b) So far, this has not been a problem.
>
Not being aware of the problem is different from not having a problem.
Famous example being requests bundling other common libraries and
itself being bundled by the rest of the world. All those funny REST
clients with buggy code and nobody cares upstream.
> In the past, this these issues were commonly worked around by Fedora
> maintainers forking in private and them feeding them into Fedora as set of
> patches.
>
Yes, and I'm working on a proposal on guidelines + tooling to make it
easier to work on that.
And preferably self-hosted in Fedora thanks to pagure.
>> Our role is mitigate bad habits and educate upstream, not ignoring them.
>
> Right, but you're underestimating the stubbornness and non-cooperativeness
> of some upstream and fedora maintainer.
Sadly, no.
> They usually believe to have an "ultra-clever design" and the FPC to be dumb
> idiots who are unable to comprehend their cleverness.
>
> Ralf
>
Well, I'm personally thankful that FPC "dumb idiots" and alike taught
me proper engineering when I was young graduate a decade ago.
I think that every developer should once in a while, put his hands
into packaging/integration or system administration to understand what
they're doing.
(forgot to send this one, but well, we don't praise enough FPC for
their awesome work)
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
More information about the devel
mailing list