Summary/Minutes from today's FESCo Meeting (2015-10-07)

[Stephen Gallagher]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/09/2015 10:42 AM, Haïkel wrote:
> 2015-10-09 16:20 GMT+02:00 Neal Gompa <ngompa13 at gmail.com>:
>> 
>> A SIG dedicated to going through our packages and "systemizing"
>> them (e.g. unbundling them) would probably be a really good idea,
>> especially with the new rules. A group of packagers experienced
>> in this could be solicited to help with trickier packages. As it
>> is, it's pretty hard to solicit for help on packages. Last night,
>> I was in #fedora-devel, where someone was working on a package to
>> unbundle, and he was having a lot of trouble doing it on his own.
>> He didn't have to, but was trying to anyway.
>> 
>> I think our packagers generally want our packages to be
>> system-friendly, but sometimes it can be very hard. We have SIGs
>> to solicit experience for Python, Ruby, PHP, etc., why not have
>> one for this too?
>> 
>> Kevin, given that you're so passionate about this, why don't you
>> create the SIG and gather folks to help support such efforts? It
>> would be greatly appreciated.
>> 
>> 
> 
> +1 And I was serious about it, rather sticking to guidelines as if
> they were dogma, I prefer positive actions to fight poor
> practices.

I'm thoroughly behind this. I think an unbundling SIG is a far better
solution to the bundling problem than the high barrier-to-entry and
poor-enforcement solution that we had previously.

Having a group of motivated and knowledgeable individuals focused on
removing unnecessary bundling would be far more likely to result in
secure *and* usable software. I'd be more than happy to participate in
such a SIG as time allows.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYX1okACgkQeiVVYja6o6NCNQCeJuKCg8nfAfZqSpLJF8S7iAAo
8OsAn06GUVmHzz8qf8XdCxS8yO2Sxq3U
=uVJd
-----END PGP SIGNATURE-----