"Unbundling SIG" was [Re: Summary/Minutes from today's FESCo Meeting (2015-10-07)]

Kevin Kofler kevin.kofler at chello.at
Sun Oct 11 12:29:59 UTC 2015 

Haïkel wrote:
> In short: packagers are not to be trusted, that's the bottom line of
> your argumentation.

Not at all! It is funny that you are accusing me of distrusting packagers 
when I have been arguing for years that packagers ARE to be trusted and thus 
the restrictions on updates need to go away.

What I am saying instead is that:
1. You have to acknowledge that there is an obvious conflict of interest
   between upstream and downstream on this issue.
2. Several packagers ARE upstream.
3. There is a common credo (which I do not adher to) in Fedora that upstream
   should be followed blindly ("upstream, upstream, upstream").
4. There is nothing in the new policy that states, even informally
   (= without enforcement), that unbundling is MORE IMPORTANT than following
   upstream.

And don't forget that the people who want libraries to be unbundled will in 
most cases ALSO be packagers, just not necessarily the maintainers of the 
particular package.

So there needs to be:
* a clear statement (an informal recommendation or a strict rule) that
  unbundling is the desired target state even if upstream is against it, and
* a way to deal with the potential conflicts of interest (where the packager
  is upstream and/or puts upstream's goals above ours).

I still think the old policy with its strict rule was the best way to 
address both.

If you think packagers will always do the right thing without any kind of 
guidance, then why do we have packaging guidelines at all?

> Being putting down stricter guidelines without any means of enforcing
> them, you're not solving anything.

There is a means of enforcing this guideline, just like all the other 
packaging guidelines: unsponsoring offenders! Of course, it should be done 
only as a last resort, but the possibility needs to be there.

> FESCo choose to trust contributors to do the right thing and being honest.

Then start by repealing the update stability policies.

> Wrong, it's even more "laxist" than our current one.
> https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles
> https://fedoraproject.org/wiki/User:Tibbs/BundlingDraft2

It is actually not, if you read them closely.

Debian:
| Debian packages should not make use of these convenience copies unless the
| included package is explicitly intended to be used in this way.
i.e., the LIBRARY upstream decides whether it is a copylib or not. This is 
similar to the copylib exception in our old guidelines, except that they do 
not require any formal approval for copylibs.

Tibbs:
| All packages whose upstreams allow them to be built against system
| libraries must be built against system libraries.
i.e., the APPLICATION upstream decides whether it bundles its libraries or 
not. This is NOT the same thing. In most cases, they are NOT the same 
upstream, and the application upstream can bundle even libraries that DON'T 
want to be bundled.

> Besides, you're not answering the question, Matthew changed the topic
> to focus the discussion on the Unbundling SIG proposal.

I am answering some points Matthew was making, and they are within the topic 
of the thread as a whole.

> I think it's a better idea to have a focused group leading that effort
> and I hope closely with FPC.

I don't think it is fair to offload lazy packagers' work on the small group 
that cares about having Fedora done right. It is bad enough that we need to 
fix packages that are in violation of the guidelines, we should not let it 
become the norm by weakening or repealing the guidelines (but instead take 
steps to prevent this from happening to begin with).

        Kevin Kofler

More information about the devel mailing list