Bill Nottingham wrote:
Mike McGrath (mmcgrath@xxxxxxxxxx) said:
I think this is a good start. I'm a little concerned with how we ensure
that what they put up as "Fedora" stuff is actually Fedora stuff,
generated legally, securely, etc... We haven't really had to think on
this before because we only put up what we generate, now we're going to
put up what somebody else generates from a different system. Just
something that will keep me up at night.
I'd say the same way we do it now, bugzilla.
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224627) for
example. We have ultimate control to remove something if we need to.
I think what he's asking is do we have the resources to *review* that
stuff is built from the same/similar sources, etc.
Bill
I hate to even suggest this but do we need some sort of super CLA? or
would the CLA cover this already? Side note: I'm not sure we can host
this immediately, we just don't have the storage right this minute. I'm
looking around though.
-Mike
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
