plowshare is not shipped with modules anymore

Ralf Corsepius rc040203 at freenet.de
Fri Apr 17 04:21:27 UTC 2015 

On 04/17/2015 05:21 AM, Nico Kadel-Garcia wrote:
> On Mon, Apr 13, 2015 at 2:15 AM, Ralf Corsepius <rc040203 at freenet.de> wrote:
>> On 04/12/2015 09:01 PM, Elder Marco wrote:
>>>
>>> Hello,
>>>
>>> Since version 2.x.x. plowshare is not shipped with modules anymore.
>>> There are two repositories. The main repository [1], with the core
>>> package, and a new repository, with the modules [2].
>>
>>
>> I have never used plowshare nor do I know what it is used for.
>>
>>> Due the massive change of hosters, the modules are always beeing
>>> updated, and a little tool "plowmod" deal with modules updates. This
>>> tool can install and update the modules locally, which is much better
>>> than to provide the modules inside the package.
>>>
>>> So, upstream recommends to deal with "plowshare" core only, which it is
>>> quite stable. And I agree.
>>>
>>> So, the question is: Am I violating Fedora Packaging Guidelines if I do
>>> not provide the modules into fedora repositories?
>>
>> Letting applications install something into system-wide directories outside
>> of rpm is not allowed in Fedora.
>
> Note that is's not preventable: Python, CPAN, and rubygems all have
> strong support for this,
We have a Fedora packaging rule which disallows all system-wide 
installations outside of rpm's control.

The reasons for this conventions are
* system-consistency
* system-security
* testing

The only gap left open is installing into user private directories.

>> But I don't think the FPG formally disallows installing arbitrary
>> executables from arbitrary sites into private user directories as part of
>> applications.
>
> And I'm very grateful for the very nice people who sort out the
> dependencies and build up SRPM's rather than saying "dude!!! just run
> CPAN".
I consider people, who run CPAN to be not knowing what they are doing. 
The are shooting themselves into their own foot.

Wrt. perl, CPAN vs. rpm installation issues and users having broken CPAN 
modules in their system is a common cause for people facing perl issue.

> plowmod seems to be more like SpamAssassin: it can be RPM packaged,
> but its out of date *really fast* and it's very difficult to keep the
> modules packaged.

Well, I can understand why its convenient to users, but these users 
probably will only comprehend that such practices are wide open doors to 
all kind of malicious people and technical issues, when they will be 
personally affected.

To cut a long story short: One of the reasons for Linux being considered 
safer than other OSes is being very reluctant against "per-user installs".

Ralf

More information about the devel mailing list