[Fedora-join] Bundled libraries in first proposed package to Fedora

[Christopher Meng]

On Sat, Jul 25, 2015 at 10:31 PM, Marcin Haba <marcin.haba at bacula.pl> wrote:
> Hello,
>
> I am trying to contribute Fedora about Baculum WebGUI (BugZilla
> 1203018). This WebGUI uses PHP framework (PRADO framework) that is not
> available in Fedora packages.

I've seen your thread on Debian. Now Fedora.

> My first question is: if first should I try to contribute Fedora about
> PRADO Framework and then try to contribute Fedora about Baculum? I would
> not provide bundled framework to Fedora.

Many PHP frameworks contain exploits, you must maintain them
separately. In my memory, PRADO, CI, Zend and even Horde had exploits
in the past. Grab more on exploit-db if you don't know.

> Second my issue is that PHP framework itself contains bundled libraries
> from which part is available in Fedora packages (for example:
> prototype.js,  script.aculo.us, tinymce editor...etc.) and a part that
> is not available in Fedora packages.

Based on policy you must unbundle these js, even build them from
source. But you can try asking for a bundle lib exception at
FPC(though I don't have idea about those guys) of them. Web assets
packaging policy has been around for years.

> I would avoid situation that at the start for provide Baculum I will
> become a maintainer 30 other packages :-)

You jumped into the fire on your own. ;-)

> Last information is that Baculum uses raw framework without 3rd party
> libraries. For preparing buildroot files in Spec I just not include 3rd
> party code from upstream tar.gz archive. Maybe this information can make
> something easier?

You need to make sure it works. And you may lose users because they
may prefer the one with PRADO, they still install on their own and
never use package manager to install a raw framework.

And that's why many people don't package something like what you are
packaging, totally a mess.


-- 

Yours sincerely,
Christopher Meng

http://cicku.me