other ways of working with third party vendors [was Re: Proposal: Revision of policy surrounding 3rd party and non-free software]

Stephen John Smoogen smooge at gmail.com
Wed Jan 22 23:04:02 UTC 2014

On 22 January 2014 15:54, Miloslav Trma─Ź <mitr at volny.cz> wrote:

> On Wed, Jan 22, 2014 at 5:39 PM, Matthew Garrett <mjg59 at srcf.ucam.org>
> wrote:
> > You want that set of channels to include a number of third-party vendors
> > who distribute non-free software. There's a few practical problems here
> > - how do we choose those vendors? What process do we have for ensuring
> > that they aren't distributing malicious code? What if they provide a
> > package that breaks software that we ship as part of Fedora? What if a
> > vendor with a known history of shipping broken software requests
> > inclusion and kicks up a PR storm if we refuse?
> Every single retailer is facing these questions about he products arriving
> from the vendors, and somehow they manage.  This should not be *that huge*a deal in practice; primarily it's a matter of mindset, abandoning the
> "full-featured and self-contained distribution" expectation.
Retailers manage because there are long and large amounts of contractual
and other commerce laws, treaties, etc to back them up when dealing with
product problems with their upstream. There are contracts in place all
through the chain of construction that are in place that liability moves up
the chain and not to the retailer. However when you don't have those
contracts in place you as the end party can be found liable for the
problems versus the upstream vendor.

So yes it is huge and has implications that aren't easily or logically

> (It seems that sandboxing the third-party software is what the world is
> converging on, but we've also had >30 years of software products for sale
> before sandboxing existed.)
>     Mirek
> _______________________________________________
> advisory-board mailing list
> advisory-board at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/advisory-board

Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/advisory-board/attachments/20140122/a664c76c/attachment.html>

More information about the advisory-board mailing list