-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 13 Feb 2014 11:26:54 -0500 Richard Fontana rfontana@redhat.com wrote:
On Tue, Feb 11, 2014 at 06:52:01AM -0600, Dennis Gilmore wrote:
- cloud WG wants to be able to produce updates images, what are our
requirements to ensuring source compliance with the GPL?
Today the sources for livecds and appliance images are only in the source tree and not separated out. if we do updates images some sources will be in the base source tree and some in updates, however the updates sources will go away if the package gets another update. the only single source where we could point people at is koji.
I'm trying to understand the possible concern - why would pointing people at koji not be good enough?
If ponting people at koji is good enough that's okay. The images will be made available somewhere on the download server and via mirrors say under /pub/fedora/linux/releases/21/Update1/Images/
but to get the sources you would need to either go to koji where only unsigned copies are easily available sometimes the only copy available. We do clean up the signed copy of older updates, we keep the signature header and can reattach it if needed. or you need to look through the Base release or updates source trees where the signed copy of the rpm will be available. With knowledge you can always get the source from git.
My concern is over how easily do we need to make the source available? does the source need to be available in the same location as the binaries? do I need to have a source tree at /pub/fedora/linux/releases/21/Update1/SRPMS/ for instance to match above do we need to add a README.Sources or similar file that points the user to where to get the sources or do we not need to do anything?
Dennis