How to handle upstreams with bundled libs (Was Re: December 2010 Fedora Election Plan)
Toshio Kuratomi
a.badger at gmail.com
Fri Oct 29 14:46:36 UTC 2010
On Fri, Oct 29, 2010 at 10:18:22AM -0400, Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/29/2010 10:06 AM, Toshio Kuratomi wrote:
> > On Thu, Oct 28, 2010 at 07:50:15PM -0400, Stephen Gallagher wrote:
> >>
> >> 1) We have the
> >> http://fedoraproject.org/wiki/Packaging/SourceURL#When_Upstream_uses_Prohibited_Code
> >> rules in the Packaging Guidelines for a reason. A party interested in
> >> seeing a package in Fedora proper could work towards stripping out the
> >> bundling requirement in the source tarball, then package that up as
> >> described above. Naturally, any changes made to accomplish this should
> >> be submitted back upstream in order to improve the product for everyone.
> >>
> > Just informational:
> > The Guidelines you're quoting deal with modifying source due to things we're
> > not allowed legally to ship and would still apply to anything on
> > repos.fp.o.
> >
> > You probably want:
> > https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
> >
>
> No, I was pointing at that intentionally. I was suggesting that in the
> cases where it's possible for us to unbundle the libraries ourselves
> when upstream ships them that we should follow the "When Upstream uses
> prohibited code" guidelines to create an acceptable tarball.
>
You should take that to the fpc (packaging at lists.fp.o is the mailing list).
I doubt that we'll pass anything of the sort, though, as that's violating
a different principle of packaging: the tarball you get in the rpm is
vanilla upstream. The only reason we modify the tarballs for prohibited
code is that legally, we cannot ship the source in question and therefore we
must strip it from the tarball or be doing something illegal.
Note that FPC is discussing this right now:
https://fedorahosted.org/fpc/ticket/19
https://fedoraproject.org/wiki/PackagingDrafts/Treatment_Of_Bundled_Libraries
and likely will decide it at their Wed meeting next week. I would encourage
people to give feedback on that on packaging at lists.fp.o as I personally feel
conflicted about it. On the one hand, it adds extra requirements on the
package maintainer (deleting the bundled libraries, patching build scripts
to disable the build scripts looking for the now missing files). On the
other hand it makes it much easier to tell if the build is doing something
wrong (linking to the bundled code). It also is an extension of our
existing guidelines about pre-built libraries:
http://fedoraproject.org/wiki/PackagingGuidelines#No_inclusion_of_pre-built_binaries_or_libraries
so it's not unexpected, even if it is an additional requirement.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/advisory-board/attachments/20101029/6879deda/attachment.bin
More information about the advisory-board
mailing list