Summary/Minutes from today's FESCo Meeting (2015-10-07)
hguemar at fedoraproject.org
Thu Oct 8 15:48:42 UTC 2015
2015-10-08 10:55 GMT+02:00 Tomas Mraz <tmraz at redhat.com>:
> On Thu, 2015-10-08 at 00:06 +0200, Kevin Kofler wrote:
>> Stephen Gallagher wrote:
>> > * #1483 Decision on bundling policy in the Fedora Package Collection
>> > (sgallagh, 18:11:40)
>> > * LINK: http://paste.fedoraproject.org/276064/44243383/ is sgallaghs
>> > proposal without the critpath distinction (nirik, 18:43:49)
>> > * AGREED: Adjust the packaging policy as described in
>> > http://paste.fedoraproject.org/276064/44243383/ (+5, 3, -1)
>> > (sgallagh, 18:57:44)
>> > * ACTION: tibbs|w to inform FPC and work on removing the anti-bundling
>> > stuff from the guidelines (sgallagh, 18:59:17)
>> Ewww! :-(
>> This opens the door to all kinds of duplication, waste of disk space, waste
>> of RAM, symbol conflicts and unfixed security issues!
>> "Thanks" for making Fedora worse!
> Yes, it seems the quantity over quality view won. :(
> Also the haste with which it was pushed is seriously disappointing.
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
> Turkish proverb
> (You'll never know whether the road is wrong though.)
Not that I'm 100% happy with the way it happened but this has been a
very long-lived topic. To some, it'll be a hasty decision, to others,
it's already a late one.
Please keep in mind that FESCo is aware this is not a perfect
solution, and we'll gladly review any proposals to improve this
policy. But we can keep discussing this for years, or try to solve
this issue incrementally. We chose the latter.
No, we didn't choose quantity over quality, it will only have a marginal
impact on the former. It doesn't prevent you from unbundling, tracking
bundled libraries, or requesting FPC or peer feedback if you want.
Pretending that the now-previous guidelines that many packages
(including recent ones) did not respect were preventing issues was
giving a false impression of security, that was *harmful*.
You're free to rant or work with us to improve the now-current policy.
PS: I won't reply to private answers on that topic. It's either on the
list or it'll go to /dev/null
PPS: I encourage people complaining to participate more actively in
the reviewing pipeline, the best way to prevent bundled libraries from
being sneaked in. Sloppy reviews and the lack of regular reviewing process
for current packages are a far more serious issue.