Summary/Minutes from today's FESCo Meeting (2015-10-07)
ngompa13 at gmail.com
Fri Oct 9 14:20:00 UTC 2015
On Fri, Oct 9, 2015 at 5:45 AM, Haïkel <hguemar at fedoraproject.org> wrote:
> 2015-10-09 1:17 GMT+02:00 Kevin Kofler <kevin.kofler at chello.at>:
> > Haïkel wrote:
> >> Not that I'm 100% happy with the way it happened but this has been a
> >> very long-lived topic. To some, it'll be a hasty decision, to others,
> >> it's already a late one.
> > There's a REASON it had always been shot down so far!
> >> Please keep in mind, that Fesco is aware this is not a perfect
> >> solution, and we''ll gladly review any proposals to improve this
> >> policy.
> > It is not possible to "improve" a policy that is fundamentally broken.
> > only possible improvement is to repeal/revert it.
> >> But we can keep discussing this for years, or try to solve this issue
> >> incrementally.
> > Or we can just keep saying no, in compliance with our principles.
> >> We chose the latter.
> > What is "incremental" about this policy change? It is a radical U-turn.
> >> No we didn't chose quantity over quality, it will only have a marginal
> >> impact on the former.
> > Then it will even have failed its stated purpose.
> >> It doesn't prevent you to do unbundling
> > It does. The maintainer can now say "no" to any non-upstream unbundling.
> >> Pretending that the now-previous guidelines that many packages
> >> (including recent ones) did not respect were preventing issues was
> >> giving a false impression of security, that was *harmful*.
> > If existing packages were not compliant to the policy, that's the problem
> > you need to fix, by:
> > 1. fixing the packages (not just threatening their removal from Fedora,
> > actually having a provenpackager go in and do the downstream
> > and
> Sounds like you're volunteering for an Unbundling SIG, go ahead, you
> have blessing.
> I can even provide you a list of offending packages or ones that are
> not updated because of the unbundling efforts (ie: hadoop)
A SIG dedicated to going through our packages and "systemizing" them (e.g.
unbundling them) would probably be a really good idea, especially with the
new rules. A group of packagers experienced in this could be solicited to
help with trickier packages. As it is, it's pretty hard to solicit for help
on packages. Last night, I was in #fedora-devel, where someone was working
on a package to unbundle, and he was having a lot of trouble doing it on
his own. He didn't have to, but was trying to anyway.
I think our packagers generally want our packages to be system-friendly,
but sometimes it can be very hard. We have SIGs to solicit experience for
Python, Ruby, PHP, etc., why not have one for this too?
Kevin, given that you're so passionate about this, why don't you create the
SIG and gather folks to help support such efforts? It would be greatly
真実はいつも一つ！/ Always, there's only one truth!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel