[Proposal] Ring-based Packaging Policies

Petr Pisar ppisar at redhat.com
Tue Feb 17 16:18:03 UTC 2015


On 2015-02-17, Josh Boyer <jwboyer at fedoraproject.org> wrote:
> On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher
> <sgallagh at redhat.com> wrote:
>> == Proposal ==
>> With these things in mind, I'd like to propose that we amend the
>> packaging policy by splitting it into two forms:
>
> I think this needs to go beyond simple policy.  It needs some
> buildsystem enforcement as well.
[...]
> With the definition you have here, I'm afraid we are going to be
> constantly playing "is or isn't" on whether a package is core or not.
> E.g. things get sucked into the install media due to dependencies and
> nobody notices until it's time to trim the size.  It just doesn't seem
> like this would scale, particularly since the distro is rather fluid.
>
> Perhaps instead the Base WG could come up with what they consider
> core, and we could really stick to that?  Meaning, things in core
> cannot Require packages outside of core at runtime.
[...]
> I'm OK with this if Ring packages land in a separated repo.  That
> could be done by having a separate koji target that spits out things
> into a rings repo.
>
> My concern here is that if everything (ring and core combined) lands
> in the same koji tag and goes through koji just like packages do
> today, we're going to wind up with a big mess.  Having dependencies on
> ring packages is going to entangle things and make it very hard to
> clean up later.
>
I agree.

While it's tempting to "just tune policy a little" (i.e. reduce
packaging guidelines), it's not enough. The implications are huge (from
a security, sustainability, trust point of view). My impression from
reading this thread is that people do not want a mixed system.

Why not create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?

If the repository was fully supported by the Fedora project (package
database, dist-git, koji, bodhi, bugzilla) with yum/dnf configuration
knowing the easy-for-beginners repository, then both groups
(deniers and supporters of the mixed system) would be satisfied.

After some time, we can evaluate if the easy-for-beginners repository is
a viable solution (from all the points of view I listed above). If the
reduced policy is really the golden solution, then we will witness
a spontaneous move of packages from Fedora to the easy-for-beginners
repository.

-- Petr


