The Forgotten "F": A Tale of Fedora's Foundations

Stephen John Smoogen smooge at gmail.com
Thu Apr 24 22:26:53 UTC 2014 

On 24 April 2014 16:06, Christian Schaller <cschalle at redhat.com> wrote:

>
> > These were things that people were wondering when this came up in the
> past.
>
> Once again this is becoming a debate about hypotheticals which rarely
> leads anywhere
> constructive.
>
>
It actually isn't hypothetical. I have had to deal with a lot of problems
with 3rd party repositories at previous jobs. The easiest and most common
one is where the 3rd party later ships something that conflicts with the
main repository. The weirder ones are where a clean package got stuff added
to it where it backdoored the desktop or where it added a P2P service which
set off all kinds of emails from the RIAA to the universities legal.


To take a concrete case instead. Are you really worried about Google
> starting to ship
> dvdcss as part of their Chrome repository? Do you really think that is a
> question
> keeping our lawyers up at night?
>
>
I am more worried about the criteria we are using for choosing these
repositories, how they are chosen, vetted and added and a basic "How we
plan to deal with problems when they occur" versus the standard "OMG THE
SKY IS FALLING AND ITS ALL <FILL-IN-BLANK> FAULT".  Because problems will
occur and they will be at various very inconvenient times so having at
least a "We will contact X, we will turn off Y in package Z, we will then
push an update" with who to contact to deal with them.



> Are there repositories out there where we can not trust the person or
> company behind
> it enough to include it by default for legal reasons? Sure there is, but
> you can't say
> that just because we would not want to risk shipping the rpm-warez.tor.netrepo by default
> all 3rd party repos are high risk and something our lawyers would be
> concerned about. Because
> that is the argument you in practice is making when you are posing
> hypothetical questions about
> the risk of 3rd party repos.
>
>
You seem to have completely misread me so it is clear we are talking past
each other. Since I am not communicating clearly in a way you or others
understand, I will stop and withdrawal until I can better do so.




> Christian
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>



-- 
Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140424/a9f007f4/attachment.html>

More information about the devel mailing list