[Fedora-legal-list] Retaining old binaries and SRPMs vs package git
Tom Callaway
tcallawa at redhat.com
Wed Feb 19 19:09:00 UTC 2014
On 02/19/2014 12:58 PM, Colin Walters wrote:
> So that's my first question - do I need to include the file-level
> mapping so one can go from binary -> package -> source package?
I think so, but read on.
> Second, Koji may garbage collect the RPMs and SRPMs, for an obsoleted
> build, but rpm-ostree may retain the binaries.
>
> Is the package git sufficient for this purpose? One can reconstruct the
> SRPMs from that. Or would we need integration between Koji and
> rpm-ostree to avoid having SRPMs garbage collected as long as they're
> stored in the OSTree repository?
The latter is preferred, but I think the former would be sufficient if
it is technically infeasible.
The rule of thumb is that if you distribute binaries, you need to have
an obvious pointer to the source. We assume people who have our RPMs
will be able to find the matching SRPMs (either from the download trees,
or from the repositories, or koji), so os-tree needs to have a similar
arrangement. Even a generated SOURCES.txt that tells the user which
koki/git commands to run to get the matching source would be sufficient.
hth,
~tom
==
¸.·´¯`·.´¯`·.¸¸.·´¯`·.¸><(((º> OSAS @ Red Hat
University Outreach || Fedora Special Projects || Fedora Legal
More information about the legal
mailing list