<div dir="ltr"><div class="gmail_default" style="font-family:times new roman,serif;font-size:small"><span style="font-family:arial,sans-serif">On Fri, Oct 9, 2015 at 5:45 AM, Haïkel </span><span dir="ltr" style="font-family:arial,sans-serif"><<a href="mailto:hguemar@fedoraproject.org" target="_blank">hguemar@fedoraproject.org</a>></span><span style="font-family:arial,sans-serif"> wrote:</span><br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">2015-10-09 1:17 GMT+02:00 Kevin Kofler <<a href="mailto:kevin.kofler@chello.at">kevin.kofler@chello.at</a>>:<br>
> Haïkel wrote:<br>
>> Not that I'm 100% happy with the way it happened but this has been a<br>
>> very long-lived topic. To some, it'll be a hasty decision, to others,<br>
>> it's already a late one.<br>
><br>
> There's a REASON it had always been shot down so far!<br>
><br>
>> Please keep in mind, that Fesco is aware this is not a perfect<br>
>> solution, and we''ll gladly review any proposals to improve this<br>
>> policy.<br>
><br>
> It is not possible to "improve" a policy that is fundamentally broken. The<br>
> only possible improvement is to repeal/revert it.<br>
><br>
>> But we can keep discussing this for years, or try to solve this issue<br>
>> incrementally.<br>
><br>
> Or we can just keep saying no, in compliance with our principles.<br>
><br>
>> We chose the latter.<br>
><br>
> What is "incremental" about this policy change? It is a radical U-turn.<br>
><br>
>> No we didn't chose quantity over quality, it will only have a marginal<br>
>> impact on the former.<br>
><br>
> Then it will even have failed its stated purpose.<br>
><br>
>> It doesn't prevent you to do unbundling<br>
><br>
> It does. The maintainer can now say "no" to any non-upstream unbundling.<br>
><br>
>> Pretending that the now-previous guidelines that many packages<br>
>> (including recent ones) did not respect were preventing issues was<br>
>> giving a false impression of security, that was *harmful*.<br>
><br>
> If existing packages were not compliant to the policy, that's the problem<br>
> you need to fix, by:<br>
> 1. fixing the packages (not just threatening their removal from Fedora, but<br>
> actually having a provenpackager go in and do the downstream unbundling),<br>
> and<br>
<br>
</div></div>Sounds like you're volunteering for an Unbundling SIG, go ahead, you<br>
have blessing.<br>
I can even provide you a list of offending packages or ones that are<br>
not updated because of the unbundling efforts (ie: hadoop)<br><br>
Regards,<br>
H.<br>
<div class="HOEnZb"><div class="h5"><br></div></div></blockquote><div><br></div><div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small;display:inline">A SIG dedicated to going through our packages and "systemizing" them (e.g. unbundling them) would probably be a really good idea, especially with the new rules. A group of packagers experienced in this could be solicited to help with trickier packages. As it is, it's pretty hard to solicit for help on packages. Last night, I was in #fedora-devel, where someone was working on a package to unbundle, and he was having a lot of trouble doing it on his own. He didn't have to, but was trying to anyway.</div></div><div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small;display:inline">I think our packagers generally want our packages to be system-friendly, but sometimes it can be very hard. We have SIGs to solicit experience for Python, Ruby, PHP, etc., why not have one for this too?</div></div><div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small;display:inline">Kevin, given that you're so passionate about this, why don't you create the SIG and gather folks to help support such efforts? It would be greatly appreciated.</div> </div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">真実はいつも一つ!/ Always, there's only one truth!<br></div></div>
</div><font face="yw-402608bc37fe50adb11a5899295781aeb83d248d-c146b30c510ca13547406177b29b3069--o" style="display: none;"></font></div>