other ways of working with third party vendors [was Re: Proposal: Revision of policy surrounding 3rd party and non-free software]

Miloslav Trmač mitr at volny.cz
Wed Jan 22 22:54:15 UTC 2014


On Wed, Jan 22, 2014 at 5:39 PM, Matthew Garrett <mjg59 at srcf.ucam.org>
wrote:
> You want that set of channels to include a number of third-party vendors
> who distribute non-free software. There's a few practical problems here
> - how do we choose those vendors? What process do we have for ensuring
> that they aren't distributing malicious code? What if they provide a
> package that breaks software that we ship as part of Fedora? What if a
> vendor with a known history of shipping broken software requests
> inclusion and kicks up a PR storm if we refuse?

Every single retailer is facing these questions about the products arriving
from the vendors, and somehow they manage.  This should not be *that huge*
a deal in practice; primarily it's a matter of mindset, abandoning the
"full-featured and self-contained distribution" expectation.

(It seems that sandboxing the third-party software is what the world is
converging on, but we've also had >30 years of software products for sale
before sandboxing existed.)
    Mirek