Proposal to reduce anti-bundling requirements
Reindl Harald
h.reindl at thelounge.net
Fri Sep 11 13:47:23 UTC 2015
Am 11.09.2015 um 15:43 schrieb Zdenek Kabelac:
> Dne 11.9.2015 v 15:39 Reindl Harald napsal(a):
>>
>> Am 11.09.2015 um 15:27 schrieb Zdenek Kabelac:
>>> Dne 11.9.2015 v 15:22 Eric Griffith napsal(a):
>>>>
>>>> On Sep 11, 2015 9:03 AM, "Zdenek Kabelac" <zkabelac at redhat.com
>>>> <mailto:zkabelac at redhat.com>> wrote:
>>>> >
>>>> > Dne 11.9.2015 v 14:46 Germano Massullo napsal(a):
>>>> >
>>>> > Fault #1
>>>> > (I've already complained that usage of rawhide & rpmfusion is
>>>> getting silly)
>>>> >
>>>> >
>>>> How is the usage getting silly? *genuinely confused* Id love for
>>>> Fedora to
>>>> have everything in the repos (A la Arch) but for legal and
>>>> philosophical
>>>> reasons it's not possible.
>>>
>>> My complain here is about packaging libraries.
>>> And just because a library has been upgraded from version .so.2 to
>>> version .so.4 and you can't have both (as the new one replaces old one
>>> by Fedora policy) - you cannot normally use rpmfusion.
>>
>> the whole point of a *shared library* is to have single versions of
>> libraries
>> and not 10 versions you need to seek if they are affacted from wahtever
>> security relevant bug, in many cases it will be impossible to answer that
>> question
>>
>> and no, backporting of fixes is not the solution, ignoring manpower
>> here, how
>> often do you think developers are fixing some bug and even not realize
>> it was
>> security relevant and so no CVE is assigned
>>
>> not long ago glibc was affactd by such a case
>>
>>> The best part is - the library itself is mostly useless - but because of
>>> packaging policy - if you want to use rpmfusion - you have to basically
>>> build
>>> lib-compat-like (Fedora way) libraries yourself - that's what I call
>>> silly....
>>
>> no, rpmfusion just need to cope with rawhide changes and rebuild as
>> Fedora does
>>
>
> We are not solving here 'ideal' word where every one has tons of free
> time and could rebuild everything all day&night.
don't tell me rpmfusion could not easily make that fully automated
> This Fedora plan simply puts too much work at everyone's hands.
>
> Sure - people who care about safety might have some option - like I
> always want to have ONLY the latest lib - and drop everything else, but
> there are still lot of users who could live with older libs quite
> happilly (and especially in the case they do not use the library in
> question AT ALL - which is the maint point here)
you said "every one has tons of free time" - well - and who would
maintain the dozen of versions of libraries packages?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150911/012fffc7/attachment.sig>
More information about the devel
mailing list