The Forgotten "F": A Tale of Fedora's Foundations

Josh Boyer jwboyer at fedoraproject.org
Thu Apr 24 16:02:52 UTC 2014


On Thu, Apr 24, 2014 at 11:56 AM, Stephen Gallagher <sgallagh at redhat.com> wrote:
> On 04/24/2014 11:01 AM, Stephen John Smoogen wrote:
>>
>> On 24 April 2014 02:49, Christian Schaller <cschalle at redhat.com> wrote:
>>
>>> Well my point is I spoke to Red Hat legal before I even posted the
>>> original proposal to open up to more 3rd party repositories some
>>> months ago. There are a lot of repositories that it is perfectly
>>> fine for Fedora to include from a legal perspective. But they will
>>> need to be reviewed by legal on a case to case basis, going to
>>> legal up front and saying 'hey can I include a hypothetical
>>> repository' will only yield you the answer 'depends on the
>>> repository'.
>>
>>
>> OK cool. What is the plan for when repositories change what they
>> are carrying and add stuff that may be legal for them but not for
>> others? Will there be periodic reviews to make sure that this
>> hasn't happened or some way that we roll back what repositories we
>> recommend?
>>
>
>
> At the risk of being glib: What's the plan for periodically
> re-reviewing every package in Fedora to make sure that its sources
> always remain legal?
>
> It's the same problem and it can only realistically be dealt with by
> "If someone notices, deal with it then."

IIRC, the original discussion was framed around specific repositories
with specific pieces of software.  So a repository carrying e.g.
Chrome and only Chrome.  Not something like rpmfusion which carries a
multitude of varied packages.  So in that case, the audit becomes
easier.

josh

