Proposal: Revision of policy surrounding 3rd party and non-free software

Fri Jan 24 05:04:53 UTC 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El Wed, 22 Jan 2014 17:04:06 -0500
Bill Nottingham <notting at redhat.com> escribió:
> Josh Boyer (jwboyer at fedoraproject.org) said: 
> > > Pedantic but (maybe) important distinction: the idea would be to
> > > prepopulate (in some way or another) the software installer
> > > application with _specific_ 3rd party repositories (in the
> > > mockup, Adobe, Dropbox, Google, Nvidia, and Steam) -- akin more
> > > to having the default Fedora bookmarks include the download pages
> > > at those companies than to a Google search. Or am I
> > > misunderstanding?
> > 
> > The bookmark analogy seems fair to me, yes.  However, it might be
> > feasible to include these "bookmarks" without having them displayed
> > by default and instead requiring a user to toggle a checkbox or
> > such to enable them.
> 
> I'd rather not include any metadata or links to particular
> repositories in Fedora itself:
> 
> - packaging is a really crappy way to have to update a software
>   source list if we were to get some new third party source
> - it's also a really crappy way to *disable* a source from being
>   shown to users if we for some reason need to do so, and do so
> quickly (waves at spot)
> 
> This is regardless of whether the third-party repo contains free or
> non-free software - the same issues apply to both cases.
> 
> Once we take that step, Adam's suggestion honestly makes the most
> sense to me - a web service exists that third parties can register
> their repositories with. They'd register what format they're
> providing software in/for (yum repos, apt repos, etc.), what
> OSes/releases they're targeting (Fedora, RHEL, Ubuntu, Debian, Arch,
> whatever), and some metadata (keywords, icons, etc.).
> 
> You then have a workflow in Fedora that looks something like:
> 
> Software -> About (or Preferences)
> 
>    [ ] Enable third party software
>       |
>     <user checks box>
>       |
>  /!\ WARNING: Fedora does not and cannot support software from third
> parties; such software can cause your system to misbehave or crash.
>      Use at your own risk. For more information, see:
>         http://fedoraproject.org/wiki/eat-your-brane
>                                                 [ Cancel ]  [ OK ]
>       |
>     <hit OK>
>       |
>     ... this then queries the service for appropriate repos to pull
> appdata from. 
> 
> You then have them showing up in a mechanism similar to the wireframe,
> although I'd suggest two changes:
> - In search results and browsing, have a separate category for
> 'Software for $NAME' or 'Vendor Software'
> - Not a huge fan of the listing of all available third party sources
> dialog. (Esp. if it's not "all available", and therefore requires us
> to prune.)
> 
> Then, we just need to 
> 
> 1) get other distros involved
> 2) work with them to define & set up the service
> 3) work with the vendors on how to package stuff for it properly
> 
> Which we should be doing anyway, if we're intent on having a real
> Linux desktop software ecosystem.

this kinda fits into my comments[1] in the ticket to get the app data
together. We still have no way to properly provide the appdata to the
user. I truly believe it should be via an app store. take out it being
run in infra and having gnome, linux foundation or someone run it at
least the third party bit and it seems there is a way forward.

Dennis

[1] https://fedorahosted.org/rel-eng/ticket/5721#comment:7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJS4fR1AAoJEH7ltONmPFDRQI8P/3cZumA7NEtte0GMFMqQ+Kcv
CsvYFpbK8GGzoNTSS/IjvGTH7Uc3eo9ZGU9FQBpt4JIrjWy9LOZ74Hl5df2Fl5JU
rQke0SI28Wk18/RtIEW3/ILqErxbqH+45OawQ0jPtnc6ClY4opjneg/lL7zkvV1+
zv12BpgJDWltA27as5/uXr/OdRN0fy9JLWjId4ZWwIIVXLe+hCHfc5vKxb7GIS5J
HUTjUI5syGRxxLZKot8XaZDt0eLF6fuS3wuf5iwq9c9tO3l7XiDpNEjuAV4jUNEA
GiEQGr3KADctnMJ4q00npQ25eS5ndUkBbEshKKVbggJNdb1yZMd1fe+IZgPWChFx
oSmXEusZT6mqQ+evffs3VqfIfbBcY0VGtu/8MAxR4IJeSXcbMzS3V65WUnLPQ4HH
jH+wXRDCqdDU9Xv8G3fS4n9bSpTVJnLz0ZaC4d7mhtRqyNjKWjcKPvGlhoQ0zJuz
VTtTD9cBdz7fwC2rfGDMX2Rbmy2tVfQ4+Y55OHZ62JGa5YL4d/tleCERwb/EGVmG
O5gaAgjcZnlsHAtWA/H18hhK1iu2KIpJzBYiDDrOhdYrEFIT5y05N5b1oOfxusy+
q9pxW0pDkV/PyJ+od89aMoEUr4nLjPk5O6bAKOpBDtCOQ97YFOGugdcYveqmFgnZ
4dSwdmN8C+LCsHMNikNZ
=jmPl
-----END PGP SIGNATURE-----