Summary/Minutes from today's FESCo Meeting (2015-10-07)

Stephen Gallagher sgallagh at
Fri Oct 9 15:00:30 UTC 2015

Hash: SHA1

On 10/09/2015 10:42 AM, Haïkel wrote:
> 2015-10-09 16:20 GMT+02:00 Neal Gompa <ngompa13 at>:
>> A SIG dedicated to going through our packages and "systemizing"
>> them (e.g. unbundling them) would probably be a really good idea,
>> especially with the new rules. A group of packagers experienced
>> in this could be solicited to help with trickier packages. As it
>> is, it's pretty hard to solicit for help on packages. Last night,
>> I was in #fedora-devel, where someone was working on a package to
>> unbundle, and he was having a lot of trouble doing it on his own.
>> He didn't have to, but was trying to anyway.
>> I think our packagers generally want our packages to be
>> system-friendly, but sometimes it can be very hard. We have SIGs
>> to solicit experience for Python, Ruby, PHP, etc., why not have
>> one for this too?
>> Kevin, given that you're so passionate about this, why don't you
>> create the SIG and gather folks to help support such efforts? It
>> would be greatly appreciated.
> +1 And I was serious about it, rather sticking to guidelines as if
> they were dogma, I prefer positive actions to fight poor
> practices.

I'm thoroughly behind this. I think an unbundling SIG is a far better
solution to the bundling problem than the high barrier-to-entry and
poor-enforcement solution that we had previously.

Having a group of motivated and knowledgeable individuals focused on
removing unnecessary bundling would be far more likely to result in
secure *and* usable software. I'd be more than happy to participate in
such a SIG as time allows.

Version: GnuPG v2


More information about the devel mailing list