other ways of working with third party vendors [was Re: Proposal: Revision of policy surrounding 3rd party and non-free software]
Matthew Garrett
mjg59 at srcf.ucam.org
Wed Jan 22 23:24:09 UTC 2014
On Wed, Jan 22, 2014 at 11:54:15PM +0100, Miloslav Trmač wrote:
> On Wed, Jan 22, 2014 at 5:39 PM, Matthew Garrett <mjg59 at srcf.ucam.org>
> wrote:
> > You want that set of channels to include a number of third-party vendors
> > who distribute non-free software. There's a few practical problems here
> > - how do we choose those vendors? What process do we have for ensuring
> > that they aren't distributing malicious code? What if they provide a
> > package that breaks software that we ship as part of Fedora? What if a
> > vendor with a known history of shipping broken software requests
> > inclusion and kicks up a PR storm if we refuse?
>
> Every single retailer is facing these questions about he products arriving
> from the vendors, and somehow they manage. This should not be *that
> huge*a deal in practice; primarily it's a matter of mindset,
> abandoning the
> "full-featured and self-contained distribution" expectation.
I don't see the relation between those two things. We can move away from
that expectation without providing any kind of third-party software by
default.
> (It seems that sandboxing the third-party software is what the world is
> converging on, but we've also had >30 years of software products for sale
> before sandboxing existed.)
A bunch of technical problems are certainly solved if we assume that
everything distributed this way is sandboxed, but sandboxing doesn't let
you distribute codecs or graphics drivers.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the advisory-board
mailing list