[Fedora-join] Bundled libraries in first proposed package to Fedora

Marcin Haba marcin.haba at bacula.pl
Wed Jul 29 07:30:32 UTC 2015


Hello Christopher,

On 29.07.2015 02:27, Christopher Meng wrote:
> On Sat, Jul 25, 2015 at 10:31 PM, Marcin Haba <marcin.haba at bacula.pl> wrote:
>> Hello,
>>
>> I am trying to contribute Fedora about Baculum WebGUI (BugZilla
>> 1203018). This WebGUI uses PHP framework (PRADO framework) that is not
>> available in Fedora packages.
> 
> I've seen your thread on Debian. Now Fedora.

Yes, that is me. I am trying to add Baculum to Debian.
Does it cause any problem?

>> My first question is: if first should I try to contribute Fedora about
>> PRADO Framework and then try to contribute Fedora about Baculum? I would
>> not provide bundled framework to Fedora.
> 
> Many PHP frameworks contain exploits, you must maintain them
> separately. In my memory, PRADO, CI, Zend and even Horde had exploits
> in the past. Grab more on exploit-db if you don't know.

Yes, one exploit in exploit-db for functional tests in an old PRADO
version. It was fixed a long time ago.

>> Second my issue is that PHP framework itself contains bundled libraries
>> from which part is available in Fedora packages (for example:
>> prototype.js, script.aculo.us, tinymce editor...etc.) and a part that
>> is not available in Fedora packages.
> 
> Based on policy you must unbundle these js, even build them from
> source. But you can try asking for a bundle lib exception at
> FPC (though I don't have idea about those guys) of them. Web assets
> packaging policy has been around for years.

Thanks for this advice.

I am going to unbundle all bundled libs in PRADO and report as a feature
request every lib not available in Fedora packages yet.

If I can do this work myself, then I prefer that way. If some troubles
occur with packaging that I cannot solve, then I will consider sending
a request to the FPC, if the cause is reasonable.

>> I would avoid situation that at the start for provide Baculum I will
>> become a maintainer 30 other packages :-)
> 
> You jumped into the fire on your own. ;-)

Yes, indeed :-)

>> Last information is that Baculum uses raw framework without 3rd party
>> libraries. For preparing buildroot files in Spec I just not include 3rd
>> party code from upstream tar.gz archive. Maybe this information can make
>> something easier?
> 
> You need to make sure it works. And you may lose users because they
> may prefer the one with PRADO, they still install on their own and
> never use package manager to install a raw framework.
> 
> And that's why many people don't package something like what you are
> packaging, totally a mess.

I do not know how it looks in the case of other framework projects. I do
not think that is so in the case of PRADO. In my opinion it is a reliable
project.

We will see during the packaging process what type of problems I meet ;-)

Thanks for your mail.

Best regards.
Marcin Haba
