[Proposal] Ring-based Packaging Policies
fweimer at redhat.com
Fri Feb 13 19:14:30 UTC 2015
On 02/12/2015 07:32 PM, Stephen Gallagher wrote:
> Second, I will call attention to the fact that different Fedora
> users have very different needs from the software. For example,
> those running Fedora Server and Fedora Cloud are likely far more
> concerned with Fedora as a *deployment* platform than they are as a
> *development* platform. Folks running Fedora Workstation or the KDE
> spin are likely to be somewhat more interested in the development
> side of things (though not exclusively).
Fedora Workstation includes very, very few development-related
packages, to the degree that it is completely unusable (by itself) for
almost all developers.
Many important development tools are completely outside the
Fedora.Next package set. Previously, they were just a “yum install”
away, and there was little difference in practice. I'm worried that
this proposal will have a negative effect on the quality of non-core
packages (over time at least).
> === Core Packages === Any package that is provided on a
> release-blocking medium (which at present includes Fedora Atomic,
> Fedora Cloud, Fedora Server, Fedora Workstation, the KDE Spin and
> several ARM images) must comply exactly with the packaging
> guidelines as they are written today. These packages must receive a
> full package review *when they are added to the install media*. Any
> package present on the media if this proposal is adopted is
> exempted from this requirement. Any package to newly appear on the
> install media after this time *should* (I hate that word...)
> receive a new package review, even if it is already present in
Based on the comments above, I think the definition is much too
narrow. It excludes fundamental development infrastructure such as
autoconf and cmake, and tools like gdb and valgrind.
I have nothing against the proposal in principle (to some extent, it
just reflects existing practice), but I do think we need a different
definition for the set of core packages.
By the way, this cuts in the other direction as well—I think the
proposed definition makes Docker and Kubernetes core packages (at
least eventually), and I think its developers really, really want a
wide-ranging bundling exception.
Florian Weimer / Red Hat Product Security