F21 Self Contained Change: Playground repository

Bruno Wolff III bruno at wolff.to
Wed Apr 9 01:54:57 UTC 2014

On Tue, Apr 08, 2014 at 20:21:11 -0400,
   Josh Boyer <jwboyer at fedoraproject.org> wrote:
>Who is doing that work within Fedora today?  After the initial review,
>there is no on-going audit of packages _within_ Fedora to make sure
>they aren't bundling (or following guidelines at all).  That's not to
>say that we have a massive problem.  It _is_ implying that maybe one
>shouldn't blindly trust the guidelines to catch all of the potential
>problems though.

I think there is a difference in people not following guidelines than 
saying it is OK. Right now there is a reasonable chance that no one has 
bundled openssl into another official Fedora package. If we explicitly 
say bundling is OK, then it becomes a lot more likely that libraries 
end up being bundled.

More information about the devel mailing list