On Sun, 2006-09-17 at 11:58 -0500, Rex Dieter wrote:
Paul Howarth wrote:
> On Sat, 2006-09-16 at 22:08 -0700, Toshio Kuratomi wrote:
>> Hey guys,
>> It's come to my attention that we don't have a "Packages must be
built
>> from source, no precompiled binaries" rule in the current guidelines. I
>> think this is an oversight as the Binary Firmware section:
>>
http://www.fedoraproject.org/wiki/Packaging/Guidelines#BinaryFirmware
>>
>> implies this for the specific case of firmware.
>>
>> How about something like:
>>
>> "Packages must be built from source code. Including pre-built programs
>> or libraries is strictly forbidden. A select few exceptions are made
>> for binary firmware. Please see
>>
http://www.fedoraproject.org/wiki/Packaging/Guidelines#BinaryFirmware
>> for details."
>>
>> And on ReviewGuidelines:
>> "Must: The package must be built from source. No pre-built programs or
>> libraries are acceptable."
>>
>> Thoughts, opinions welcome.
>
> Might another exception be needed for the bootstrapping procedures for
> new compilers, e.g. some of the lisp/haskell compilers in Extras?
bootstrapping is kinda a separate problem. The proposal here is that
*Packages* must be built from source, which I tend to I agree with, in
principle. The "source" in question, can potentially include binary
bits (for bootstrapping, whatever).
You can't separate these problems, because
problems in bootstrapping are
primary the reason (Typically either circular deps large dependency
chains) or for open-source packages to contain binaries (of open-sourced
sources).
A classical example for such cases are emulators: They typically need a
some "k-byte piece of Firmware", having to be compiled by a
cross-toolchain. I.e. to rebuild them from scratch, you'd first have to
have this cross-toolchain. If your're lucky such a cross-toolchain is
buildable, but several 100MB in size. If you're out of luck, such a
toolchain doesn't exist for linux, but only for some other OS
(Open source != Linux; Open-source != buildable by open source).
Packagers often circumvent this "ugly dependency chain", by shipping
binaries.
Now consider pdf or ps documents - People often use foreign tools to
write them - They are binaries having been built from closed source,
aren't they?
Ralf