[Proposal] Ring-based Packaging Policies

Vít Ondruch vondruch at redhat.com
Wed Feb 18 09:43:29 UTC 2015

On 17.2.2015 at 17:18, Petr Pisar wrote:
> On 2015-02-17, Josh Boyer <jwboyer at fedoraproject.org> wrote:
>> On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher
>> <sgallagh at redhat.com> wrote:
>>> == Proposal ==
>>> With these things in mind, I'd like to propose that we amend the
>>> packaging policy by splitting it into two forms:
>> I think this needs to go beyond simple policy.  It needs some
>> buildsystem enforcement as well.
> [...]
>> With the definition you have here, I'm afraid we are going to be
>> constantly playing "is or isn't" on whether a package is core or not.
>> E.g. things get sucked into the install media due to dependencies and
>> nobody notices until it's time to trim the size.  It just doesn't seem
>> like this would scale, particularly since the distro is rather fluid.
>> Perhaps instead the Base WG could come up with what they consider
>> core, and we could really stick to that?  Meaning, things in core
>> cannot Require packages outside of core at runtime.
> [...]
>> I'm OK with this if Ring packages land in a separated repo.  That
>> could be done by having a separate koji target that spits out things
>> into a rings repo.
>> My concern here is that if everything (ring and core combined) lands
>> in the same koji tag and goes through koji just like packages do
>> today, we're going to wind up with a big mess.  Having dependencies on
>> ring packages is going to entangle things and make it very hard to
>> clean up later.
> I agree.
> While it's tempting to "just tune policy a little" (i.e. reduce
> packaging guidelines), it's not enough. The implications are huge (from
> security, sustainability, trust point of view). My impression from
> reading this thread is people do not want a mixed system.
> Why not create a new repository with reduced policy as
> Stephen proposed with the one-way dependency rule (between current
> Fedora and the new easy-for-beginners repository)?
> If the repository was fully supported by Fedora project (package
> database, dist-git, koji, bodhi, bugzilla) with yum/dnf configuration
> knowing the easy-for-beginners repository, then both groups
> (deniers and supporters of the mixed system) would be satisfied.
> After some time, we can evaluate if the easy-for-beginners repository is
> a viable solution (from all the points of view I listed above). If the
> reduced policy is really the golden solution, then we will witness
> spontaneous move of packages from Fedora to easy-for-beginners
> repository.
> -- Petr

What is wrong with using Copr for the "ring packages"? It already works
just fine (maybe BZ is missing). There are no reviews, no guidelines,
you can bundle ... I believe that everybody understands that while Copr
is supported by Fedora, you are using these packages at your own risk. I
can't imagine a better state.

