Fedora board vote and way forward

Matthew Garrett mjg59 at srcf.ucam.org
Fri Jan 24 14:58:44 UTC 2014 

On Fri, Jan 24, 2014 at 02:38:44PM +0000, Richard Hughes wrote:
> On 24 January 2014 14:28, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> > Not unless the user has already added the Chrome repository.
> 
> So if gnome-software supported YMP files
> http://en.opensuse.org/openSUSE:One_Click_Install_ISV that would be
> okay for FESCo? Of course, that would mean convincing all the non-free
> upstreams to add an extra file, as well as the traditional
> semi-static-binary-plus-repo.rpm file.

That would seem fine, yes.

> I'm not sure it makes it any easier from an end user point of view,
> and I'm sure it makes it a lot less safe. Imagine some random person
> posting a malicious ymp file in fedoraforum.org which gets picked up
> by google for some common search words and users haplessly click on it
> without reading the XML or verifying the URL. In that case it might
> just be safer for users to search for chrome on google, get directed
> to http://www.google.com/chrome and then they can click the .rpm file
> there.

We can't curate a list of "safe" repositories in any meaningful way - we 
simply don't have the infrastructure to do so. There are existing 
mechanisms that could be used (require the XML to be signed with an EV 
certificate, for instance) which would act as significant impediments to 
random people spoofing genuine repositories.

> Which is the point we're at now. What FESCo has effectively said is
> "what we have now is fine", and we have a declining userbase that says
> otherwise.

The example you've used is Chrome. Chrome is not present in the 
Windows Store. Chrome is not present in the Mac App Store. Users are 
forced to manually download it from Google. This doesn't seem to be 
hurting their popularity.

There are multiple issues with Fedora. The degree of technical churn 
means it's difficult for us to apply polish to certain aspects of the 
system. We do things like push stable updates that break systems. We 
fail to follow through on development efforts that distinguish us from 
the competition. We're bad at making a product. Ascribing any decline in 
userbase to "It's difficult for users to install Chrome or Skype" isn't 
helpful - maybe it's true, but there's so many other things that could 
also be turning users away that it's impossible to tell.

When we're faced with a bunch of problems, let's concentrate on the 
problems that don't require us to compromise our pinciples. This longer 
release cycle gives us the opportunity to fix a lot of the things that 
are fundamentally wrong with Fedora. It'd be a shame to see that 
opportunity wasted because we're fixated on one issue.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org

More information about the desktop mailing list