F21 Self Contained Change: Playground repository
William Brown
william at firstyear.id.au
Wed Apr 9 01:17:09 UTC 2014
On Tue, 2014-04-08 at 15:54 -0500, Bruno Wolff III wrote:
> On Tue, Apr 08, 2014 at 13:04:54 -0400,
> Stephen Gallagher <sgallagh at redhat.com> wrote:
> >
> >Similarly, there are a great many useful Ruby libraries and
> >applications out there for which unbundling them would be an exercise
> >in futility. Ask yourself which is more important to most users:
> >1) My OS is perfectly maintainable by engineers.
> >or
> >2) My OS lets me install the software I need without hassle.
>
> This can result in more work when there are security events. One thing
> I was happy about with Fedora is that by updating openssl and restarting
> services I am pretty sure I have blocked that attack. Who is going to do
> the work searching for bundled libraries when similar events occur in
> the future?
I agree with this sentiment about security.
I am torn between the raised points 1 and 2. There are many cases where
the desire for 2 causes issues because the issues at hand aren't
understood. If I wanted to install my awesome software, but then I
complain something else isn't working. This blog post is a great
example:
http://blog.tridgell.net/?p=141
Could this not create more noise on bugzilla because of accidents in
playground? There are many cases where people make mistakes about where
an error lies (I myself have done it a few times)
I understand that Fedora and especially the "playground" would come, no
warranty implied. But surely we must aim for a base quality standard?
Instead of this, why not just add a feature in copr to allow a user to
link multiple copr builds together to one repository? Or even a "user
repository" that just offers all that users packages in one place? That
would seem to be a good middle ground. Copr is a useful tool for testing
packages in the build system, and for me, building things to get them
onto my systems before the are accepted to fedora, but I also don't feel
comfortable installing a playground where "every and any developer built
package" may end up on my system (Unless I am misinterpreting the
playground idea ... )
--
William Brown <william at firstyear.id.au>
More information about the devel
mailing list