Summary/Minutes from today's FESCo Meeting (2015-10-07)

Adam Jackson ajax at redhat.com
Thu Oct 8 16:06:42 UTC 2015


On Thu, 2015-10-08 at 10:55 +0200, Tomas Mraz wrote:

> Yes, it seems the quantity over quality view won. :(

This is a false dichotomy.  The ultimate metric of quality is whether
the distribution contains a working copy of the software you want to
run.  Bundling is a maintenance concern for _people working on the
distribution_.  From the consumer's perspective it makes zero
difference whether a particular library is bundled or not, as long as
the app works.  Any undiscovered security bug (for instance) will be
there in the unbundled copy of the library too.

And, to be honest, we're failing at tracking bundling _already_,
regardless of this particular change in policy.  clamav bundles a copy
of llvm, ffs.  Policies that are out of line with reality are bad
policy: the war on drugs does not fix drug abuse, vagrancy laws do not
fix poverty, and the war on bundling merely ensures that bundled
software goes unreported.  We should acknowledge that bundling is a
real thing that solves real problems for both app developers and end
users, we should codify it in our policies, and we should build the
tools that enable us to track and manage it rather than pretend it
doesn't happen just because a package passed review once.

So yes, it makes life harder for the people building the distribution,
that's the entire point.  That's labor that _we_ take on precisely so
our users don't have to care.  That's not "quantity over quality",
that's quality as job one.  

- ajax

