Regarding re branded Fedora Remixes using Fedora community resources.

"Jóhann B. Guðmundsson" johannbg at gmail.com
Fri Oct 22 20:32:31 UTC 2010 

On 10/22/2010 06:32 PM, Stephen John Smoogen wrote:
> 2010/10/22 "Jóhann B. Guðmundsson"<johannbg at gmail.com>:
>
<snip>.... </snip>
> So I ask this the board this.
>
> Should unoffical Fedora remixes that contain proprietary bits which violate Fedora foundation and mission that may or may not come from a 3 party repo to be allowed to use community resource such as mailing lists, irc channels, bugzilla etc to announce,advertise,endorse,diagnose,report etc. which result in community resource being directed away from Fedora to focus and fix the use on their own product or should they be discarded and treated like any other Distro out there.
> I do not know how one could sanely 'police' or enforce a limitation
> like this. At worst we would have a policy with no teeth, and at best
> I would expect only a 60-80% compliance (since IRC is not provided by
> Fedora but Freenode we have limited ability to 'control' that medium).

Well we should be able to control our mailing list bugzilla and the 
planet I suppose irc would not work but I would say is the least of our 
worries.

As I see it to tackle this we need to be able differentiate the users 
that are running Fedora from those that are using remixes when that has 
been accomplished then we could tag and enforce different access rules 
or simply just tag and grant access.

Basically we could require the entities that make the remixes to follow 
a procedure ( which could be just as simple as having a proper 
documentation on how the deviate from Fedora to require the third-party 
repo be it internal or external they use to be able to receive abrt 
filed bug reports ) which would require them to register those remixes 
with us and after we have verified that everything is in order we tag 
and grant access to updates and abrt bug reporting.

As I see it the only viable solution is the update/packaging level 
perhaps all Fedora users could be subscribed to the Fedora channel ( or 
not required to be subscribed et all ) and approved remixes would get 
their own channels to subscribe to?

>> Encase the answer is yes here are few more questions of top of my head.
>>
>> Can Fedora project host the kickstart files that are used to create those remixes since they are in essence being sanction by Fedora by allowing them to use Fedora community resources?
> No. These are remixes and not Fedora endorsed or approved products.

Yet we allow them to update from our own repository's...

>> Should not those remixes be at least required to provide clear easy accessible and documentation on how those remixes deviate from Fedora?
>> ( As is being done with the Omega remix [2][3] )
> I am not sure we could put such a restriction and have it legally be
> enforceable
>

We have enough of legal shenanigan going on in the world without us 
adding something on top of it.

However we should be able to make it technically difficult for remixes 
to use our resource without our consent.

>> Should not those remixes be at least required to provide clear easy accessible download statistic compatible with how Fedora does it?
> No way I could see how this could be legally enforceable.
>

See response above.

>> Should not the 3rd party components being used in the remix have the necessary infrastructure for abrt to be in place so automatic reports can be filed where they belong?
> It would be nice, but I do not see how it could be either forced. And
> then there are the arguments of whether we count as the remixes
> upstream or not if the package has not been altered from what we
> 'shipped'.
>

As soon as we have the mechanise to somehow tag updates to remix this 
could be solved.

>> Does there not need to be in place some kind of mechanism that generally checks if it's Fedora and or registers which remix it is ( encase it's not Fedora )for updating/bug reporting etc. ( yum/abrt remix tag of some sort which remixes get after registration? ) For usage and usability research/measurement purposes.
>>
>> Encase the answer is no here are few more questions of top of my head.
>>
>> Hows the best way to enforce such policy?
>>
>> Regardless if answer is yes or no the one question remains..
>>
>> Are we gathering any kind of statistic on how many reports are being filed against components in bugzilla which are claimed to be against bits we ship but have turned out to be not like bugs in another distros as was the case with bug 588930 to see how much of our resources are being abused?
> I do not know of a way that we could do so.. but that does not mean it
> can not be done.

I think this is doable technically however coming up with the right 
solution might be difficult.

JBG

More information about the advisory-board mailing list