On Wed, Dec 11, 2013 at 10:41 PM, Matthias Clasen <mclasen(a)redhat.com> wrote:
On Wed, 2013-12-11 at 16:23 -0500, Josh Boyer wrote:
> On Wed, Dec 11, 2013 at 4:21 PM, Josh Boyer <jwboyer(a)fedoraproject.org> wrote:
> > Hi All,
> > At the FESCo meeting today, the following things were decided on 3rd
> > party repositories. Some of this is specific to COPRs because those
> > are an odd case of 3rd party repositories.
> > 1) COPRs can provide RPMS with .repo files in them because Red Hat is
> > the provider and assumes liability, but those cannot be included in
> > the main Fedora repos per FESCo decree.
> > 2) COPR repos may be searched for applications to install as long as
> > the user is explicitly asked to enable the copr before installing
> > packages from them.
> > 3) General 3rd party repositories cannot be searched or enabled due to
> > liability concerns.
> > (NOTE: "searched" in 2 and 3 was intended to cover searching by
> > software. Clearly users can manually search for anything.)
> > 4) FESCo is okay with pointing to specific free software repositories
> > in the same way as COPR repos if they are approved by FESCo and Fedora
> > Legal. They are not limited in the criteria that they can choose to
> > apply.
> > 5) For non-free sofware repositories, FESCo is not changing exisiting
> > policy. Non-free software repositories are not allowed. Permission to
> > make these discoverable via searching software would require a change
> > in policy from the Fedora Board.
> > In short, this means products can request approval of specific 3rd
> > party free software repositories. If approved, they can include their
> > contents along with COPR repos in application searches a user does and
> > offer to install them with a warning that they come from a 3rd party,
> > non-Fedora repo. Repositories containing non-free software cannot be
> > enabled by default or made discoverable through software.
> The FESCo ticket documenting all of this is here:
The discussion in that ticket was focused almost entirely on coprs,
which are really not that relevant when it comes to third-party
Mostly. Yesterday's meeting covered the core of the third-party repo
discussion not related to COPRs.
I have no problem with the 'cannot be enabled by default'
part of the
last sentence, but 'cannot be made discoverable' is bordering on
censorship - fesco does not get to decide what users do with their
They haven't decided that. They have stated that software packaged
within Fedora cannot reference general 3rd party repositories that
have not been approved. As I noted above, there is clearly no method
to stop a _user_ from searching for anything and I don't believe FESCo
would want to prevent a user from doing anything they want with their
system. The restrictions in place are done to limit liability.
The non-free repo ban is less about liability and more about adhering
to the Fedora project's philosophies as FESCo read them.
While not exactly unlimited freedom, overallthis is actually less
restrictive than previous policies on 3rd party repos (which, in
short, has been NO).
(small reminder: I am not on FESCo)
Lastly: was any attempt made to invite Christian to the Fesco meeting
I find it somewhat questionable to decide this item while the main
proponent who is cc'ed in the ticket is on a plane to Lahore.
I will take partial blame for that, as I'm the WG liaison. However,
Christian has been rather busy for the past few months and has been
silent on the ticket. He and I have discussed this in detail
elsewhere and I believe I understand what he was pushing for. If he,
or anyone else, would like further action or clarification, please let