[Proposal] Ring-based Packaging Policies

Alec Leamas leamas.alec at gmail.com
Sat Feb 14 05:20:44 UTC 2015

On 14/02/15 01:45, Ken Dreyer wrote:

> Here's the new policy that I would vote for:
> 1) We allow bundled libraries, and each bundled library MUST have a
>     virtual Provides: bundled(foo) in the RPM spec. (The packager SHOULD
>     provide a version number too, with the admission that it is sometimes
>     difficult to get this number correct.)
> 2) If another packager comes up with a patch to unbundle the library and files
>     the patch in Bugzilla, then the package maintainer MUST take the
>     patch.
> 3) If the package maintainer disagrees with the patch for whatever reason
>     (maybe it's a feature regression, or whatever), they MUST bring it to
>     the FPC for arbitration. The FPC must take into account the loss of
>     functionality that unbundling could imply.
> This revised policy would lower the barrier to entry for newcomers,
> and still leave room for more advanced contributors to do the work if
> they desired to do so.

In the end, I guess this is a trade-off between doing the Right Thing 
from the overall security and distro maintenance perspective, and doing 
the Right Thing from the "follow the upstream" view.

My gut feeling is that this trade-off is differs in different 
communities. So, what happens if we discuss this from a language point 
of view?

What if we, as a a starter, applied such a policy to e. g., ruby 
packages?  Expanding to other languages over time in a more controlled way?


More information about the devel mailing list