Looking for example at git-lfs:
https://src.fedoraproject.org/rpms/git-lfs/blob/master/f/git-lfs.spec
I am afraid that the license field is wrong. Since the Go packages are statically linked, that means also content of all the BR is part of the binary packages and therefore should include their licenses. This also applies to Rust and all other statically linked packages.
I believe the guidelines should be amended to handle this scenario and all the packages fixed appropriately.
Thoughts?
Vít
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Fri, 2020-06-26 at 13:33 +0200, Vít Ondruch wrote:
Looking for example at git-lfs:
https://src.fedoraproject.org/rpms/git-lfs/blob/master/f/git-lfs.spec
I am afraid that the license field is wrong. Since the Go packages are statically linked, that means also content of all the BR is part of the binary packages and therefore should include their licenses. This also applies to Rust and all other statically linked packages.
I think we already do it fine for Rust, no?
https://src.fedoraproject.org/rpms/rust-ripgrep/blob/master/f/rust-ripgrep.s... https://src.fedoraproject.org/rpms/rust-bat/blob/master/f/rust-bat.spec#_35 https://src.fedoraproject.org/rpms/rust-starship/blob/master/f/rust-starship...
and so on.
I believe the guidelines should be amended to handle this scenario and all the packages fixed appropriately.
We've also discussed this here: https://src.fedoraproject.org/rpms/rust-rpick/pull-request/1
Thoughts?
I think Pull Request is very welcomed in the packaging guidelines.
Vít
legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
- -- Igor Raits ignatenkobrain@fedoraproject.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Fri, 2020-06-26 at 13:48 +0200, Igor Raits wrote:
On Fri, 2020-06-26 at 13:33 +0200, Vít Ondruch wrote:
Looking for example at git-lfs:
https://src.fedoraproject.org/rpms/git-lfs/blob/master/f/git-lfs.spec
I am afraid that the license field is wrong. Since the Go packages are statically linked, that means also content of all the BR is part of the binary packages and therefore should include their licenses. This also applies to Rust and all other statically linked packages.
I think we already do it fine for Rust, no?
https://src.fedoraproject.org/rpms/rust-ripgrep/blob/master/f/rust-ripgrep.s... https://src.fedoraproject.org/rpms/rust-bat/blob/master/f/rust-bat.spec#_35 https://src.fedoraproject.org/rpms/rust-starship/blob/master/f/rust-starship...
and so on.
Forgot to mention that we even have script to generate those: https://pagure.io/fedora-rust/rust2rpm/blob/master/f/tools/fedora-helper.py
I believe the guidelines should be amended to handle this scenario and all the packages fixed appropriately.
We've also discussed this here: https://src.fedoraproject.org/rpms/rust-rpick/pull-request/1
Thoughts?
I think Pull Request is very welcomed in the packaging guidelines.
Vít
legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
- -- Igor Raits ignatenkobrain@fedoraproject.org
Hi,
Some of the issues with licensing and security vulnerability audit could be solved by providing a Flatpak runtime or extension containing the dynamically loaded libstd and other core Rust libraries, and the matching Rust toolchain SDK geared towards dynamic linking. This is not the mainstream way of building applications with Rust, but in the controlled environment of Flatpak builds, the ABI fragility can be taken out of the picture.
However, some commitment from upstream would be required first: https://github.com/rust-lang/rust/issues/73932
Best regards, Mikhail
пт, 26 июн. 2020 г. в 14:56, Igor Raits ignatenkobrain@fedoraproject.org:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Fri, 2020-06-26 at 13:48 +0200, Igor Raits wrote:
On Fri, 2020-06-26 at 13:33 +0200, Vít Ondruch wrote:
Looking for example at git-lfs:
https://src.fedoraproject.org/rpms/git-lfs/blob/master/f/git-lfs.spec
I am afraid that the license field is wrong. Since the Go packages are statically linked, that means also content of all the BR is part of the binary packages and therefore should include their licenses. This also applies to Rust and all other statically linked packages.
I think we already do it fine for Rust, no?
https://src.fedoraproject.org/rpms/rust-ripgrep/blob/master/f/rust-ripgrep.s...
https://src.fedoraproject.org/rpms/rust-bat/blob/master/f/rust-bat.spec#_35
https://src.fedoraproject.org/rpms/rust-starship/blob/master/f/rust-starship...
and so on.
Forgot to mention that we even have script to generate those: https://pagure.io/fedora-rust/rust2rpm/blob/master/f/tools/fedora-helper.py
I believe the guidelines should be amended to handle this scenario and all the packages fixed appropriately.
We've also discussed this here: https://src.fedoraproject.org/rpms/rust-rpick/pull-request/1
Thoughts?
I think Pull Request is very welcomed in the packaging guidelines.
Vít
legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Igor Raits ignatenkobrain@fedoraproject.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcwgJ58gsbV5f5dMcEV1auJxcHh4FAl714egACgkQEV1auJxc Hh6lBQ//UTR0h1YecxlcCLV52LdDYLtCb1YFB1GsSJgg5B7Veq8ACRqNy9QqbWxL mtluCHJpCM7dpdH5L4+xzKREI6eJHTSCQIRKopcA4bPy97g/0sRQ8+4xLGKJbh7l AEa9VAlkYHyqCDbmc2T+QEwXru7kXTNio14eNxIpwn3mOZpab9SYMlu7H6sHKPy6 oWJF0HIROFW5vNwwsB6UW7IV044IJ72zYG2LN2tjNGsTFvqR5LTfaJImPPP4vWJT 8YJfcFCFdQXnwunj5Y1DJwgSLNBem31MOhS+Vq6E3nXjsTflNVEt4/UPB5HRrJcl vYoeaVHcE1Gbn2FUWvXTe9TRdujBpVVT4rgvxPh+cKh9x5FrS4Eg1Jj+WrIgszYn NWIrJW0e2iwZZN9P7ZTuefbdjKhKyDvqIghNKt16gcfzQ6L/yYfiKURKBOYiRtmA Q+KStJRogH6kwWMWlPlNpRpDr9rCpC5j+F+Jg9IfXFUP10DswN8zXwPsab39nSeA e51Ko5YqRPapSCe6gSWYbI1g4ngz4vwxpPw36UTOEiDuHR3BNKZvNeTNB/lzDuoh 6DIIXyWfeUmsuhSN6igc6j+CpQtnWtU94ESM6BbfjAnJgNahrY4pPkUQ3XzGU9yR ewl/fjyQAIkMNWV3RwMp5aCIypFNJDgRT0RQ9eFmYBqeOGs6/nY= =3AC1 -----END PGP SIGNATURE----- _______________________________________________ Rust mailing list -- rust@lists.fedoraproject.org To unsubscribe send an email to rust-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/rust@lists.fedoraproject.org
-
Igor Raits -
Mikhail Zabaluev -
Vít Ondruch