In today's FESCo meeting we discussed the fact that there are many
RPMs currently in Fedora (a reported 244 in Rawhide currently) that
are defining a `Provides: bundled(<lib>) = <version>` but excluding
the version completely. This removes that ability to properly
perform source code auditing and security vulnerability tracking.
My question to the Fedora Contributor Community is, how should we
handle this? Is this something that should just simply be fixed by the
packages currently violating the Guidelines, should the Guidelines be
altered in a way that makes this easier to deal with for Packagers but
also provides what is needed for auditing and vulnerability tracking,
or is there simply clarification needed by what is required in the
I look forward to the discussion.
 - https://pagure.io/fesco/issue/1734
 - https://pagure.io/packaging-committee/issue/696
Following is the list of topics that will be discussed in the FPC
meeting Thursday at 2017-07-06 16:00 UTC in #fedora-meeting-1 on
Local time information (via. uitime):
================= Day: Thursday ==================
2017-07-06 09:00 PDT US/Pacific
2017-07-06 12:00 EDT --> US/Eastern <--
2017-07-06 16:00 UTC UTC
2017-07-06 17:00 BST Europe/London
2017-07-06 18:00 CEST Europe/Berlin
2017-07-06 18:00 CEST Europe/Paris
2017-07-06 21:30 IST Asia/Calcutta
---------------- New Day: Friday -----------------
2017-07-07 00:00 HKT Asia/Hong_Kong
2017-07-07 00:00 +08 Asia/Singapore
2017-07-07 01:00 JST Asia/Tokyo
2017-07-07 02:00 AEST Australia/Brisbane
Links to all tickets below can be found at:
= Followups =
#topic #691 noarch *sub*packages with arch-specific dependencies
#topic #693 Wiki:Packaging:RPMMacros
= Open Floor =
For more complete details, please visit each individual ticket. The
report of the agenda items can be found at:
If you would like to add something to this agenda, you can reply to
this e-mail, file a new ticket at https://fedorahosted.org/fpc,
e-mail me directly, or bring it up at the end of the meeting, during
the open floor topic. Note that added topics may be deferred until
the following meeting.
I see a review request by Christopher Meng (cicku) for cvechecker.
While it's been quiet for a long time, and I want to push this request
forward with mine. So I did commented in comment 7 this March. However,
there is no updates till now. So I want to know if I should file a new
package request instead, or if someone can point me out the right
process for this.
Copy the assignee of the request Pavel.
Ziqian SUN (Zamir)
GPG : 1D86 6D4A 49CE 4BBD 72CF FCF5 D856 6E11 F2A0 525E
Want to know more about Fedora?
Since Rawtherapee developers are suggesting to use -O3 build flag instead of Fedora default -O2, is it possible to override that or it's forbidden by any packaging rule?
And how can I change only that flag without touching all the others? Can I simply append -O3 to the default build flags?