Summary/Minutes from today's FESCo Meeting (2015-10-07)

Thu Oct 8 23:17:35 UTC 2015

Haïkel wrote:
> Not that I'm 100% happy with the way it happened but this has been a
> very long-lived topic. To some, it'll be a hasty decision, to others,
> it's already a late one.

There's a REASON it had always been shot down so far!

> Please keep in mind, that Fesco is aware this is not a perfect
> solution, and we''ll gladly review any proposals to improve this
> policy.

It is not possible to "improve" a policy that is fundamentally broken. The 
only possible improvement is to repeal/revert it.

> But we can keep discussing this for years, or try to solve this issue
> incrementally.

Or we can just keep saying no, in compliance with our principles.

> We chose the latter.

What is "incremental" about this policy change? It is a radical U-turn.

> No we didn't chose quantity over quality, it will only have a marginal
> impact on the former.

Then it will even have failed its stated purpose.

> It doesn't prevent you to do unbundling

It does. The maintainer can now say "no" to any non-upstream unbundling.

> Pretending that the now-previous guidelines that many packages
> (including recent ones) did not respect were preventing issues was
> giving a false impression of security, that was *harmful*.

If existing packages were not compliant to the policy, that's the problem 
you need to fix, by:
1. fixing the packages (not just threatening their removal from Fedora, but
   actually having a provenpackager go in and do the downstream unbundling),
   and
2. for blatant or repeat offenses, unsponsoring both the submitters and the
   reviewers of the offending packages.

> You're free to rant or work with us to improve the now-current policy.

See above, the policy cannot be "improved" because it is fundamentally 
flawed and the exact opposite of what the policy should be.

        Kevin Kofler