Summary/Minutes from today's FESCo Meeting (2015-10-07)

Haïkel hguemar at
Fri Oct 9 09:45:52 UTC 2015

2015-10-09 1:17 GMT+02:00 Kevin Kofler <kevin.kofler at>:
> Haïkel wrote:
>> Not that I'm 100% happy with the way it happened but this has been a
>> very long-lived topic. To some, it'll be a hasty decision, to others,
>> it's already a late one.
> There's a REASON it had always been shot down so far!
>> Please keep in mind, that Fesco is aware this is not a perfect
>> solution, and we''ll gladly review any proposals to improve this
>> policy.
> It is not possible to "improve" a policy that is fundamentally broken. The
> only possible improvement is to repeal/revert it.
>> But we can keep discussing this for years, or try to solve this issue
>> incrementally.
> Or we can just keep saying no, in compliance with our principles.
>> We chose the latter.
> What is "incremental" about this policy change? It is a radical U-turn.
>> No we didn't chose quantity over quality, it will only have a marginal
>> impact on the former.
> Then it will even have failed its stated purpose.
>> It doesn't prevent you to do unbundling
> It does. The maintainer can now say "no" to any non-upstream unbundling.
>> Pretending that the now-previous guidelines that many packages
>> (including recent ones) did not respect were preventing issues was
>> giving a false impression of security, that was *harmful*.
> If existing packages were not compliant to the policy, that's the problem
> you need to fix, by:
> 1. fixing the packages (not just threatening their removal from Fedora, but
>    actually having a provenpackager go in and do the downstream unbundling),
>    and

Sounds like you're volunteering for an Unbundling SIG, go ahead, you
have blessing.
I can even provide you a list of offending packages or ones that are
not updated because of the unbundling efforts (ie: hadoop)

> 2. for blatant or repeat offenses, unsponsoring both the submitters and the
>    reviewers of the offending packages.

Good luck with that, we can't even ban repeated offenders on this very
list, let alone packagers that let bundled libs sneak in.

>> You're free to rant or work with us to improve the now-current policy.
> See above, the policy cannot be "improved" because it is fundamentally
> flawed and the exact opposite of what the policy should be.
>         Kevin Kofler

I read all above and I still believe that you're turning something
that has always been a best-effort goal into some kind of dogma.
New policy needs better wording and guidelines changes but it's not
that different from the previous one.

Unbundling will still be required when possible and necessary (e.g
dead upstream), but we have now a better footing to track bundled
libs, and stop misguided behaviours.


> --
> devel mailing list
> devel at
> Fedora Code of Conduct:

More information about the devel mailing list