The Forgotten "F": A Tale of Fedora's Foundations

Josh Boyer jwboyer at
Thu Apr 24 16:02:52 UTC 2014

On Thu, Apr 24, 2014 at 11:56 AM, Stephen Gallagher <sgallagh at> wrote:
> Hash: SHA1
> On 04/24/2014 11:01 AM, Stephen John Smoogen wrote:
>> On 24 April 2014 02:49, Christian Schaller <cschalle at
>> <mailto:cschalle at>> wrote:
>> Well my point is I spoke to Red Hat legal before I even posted the
>> original proposal to open up to more 3rd party repositories some
>> Months ago. There are a lot of repositories that it is perfectly
>> fine for Fedora to include from a legal perspective. But they will
>> need to be reviewed by legal on a case to case basis, going to
>> legal up front and saying 'hey can I include a hypothetical
>> repository' will only yield you the answer 'depends on the
>> repository'.
>> OK cool. What is the plan for when repositories change what they
>> are carrying and add stuff that may be legal for them but not for
>> others? Will there be periodic reviews to make sure that this
>> hasn't happened or some way that we roll back what repositories we
>> recommend?
> At the risk of being glib: What's the plan for periodically
> re-reviewing every package in Fedora to make sure that its sources
> always remain legal?
> It's the same problem and it can only realistically be dealt with by
> "If someone notices, deal with it then."

IIRC, the original discussion was framed around specific repositories
with specific pieces of software.  So a repository carrying e.g.
Chrome and only Chrome.  Not something like rpmfusion which carries a
multitude of varied packages.  So in that case, the audit becomes


More information about the devel mailing list