On Fri, 2007-07-20 at 02:33 +0530, Rahul Sundaram wrote: > In practical terms, I don't need to control a repository to be aware > what goes into it according to their explicitly written guidelines by > Fedora contributors outside of Red Hat. It is possible that someone > might sneak in a package that violates the guidelines in a official or > third party repository. Either would be considered a bug and fixed. If > absolute control is necessary you cannot point to a third party > repository at all but that is up to Legal to decide. > but that's just it. if someone puts that in a repository then it could be a serious poison pill. If it is enough to get red hat sued then even if it bears out that rh acted appropriately by getting the problem fixed I can relatively guarantee that will be the LAST time we ever get to try that. > If that level of control is desirable, it needn't be a third party > repository but a Fedora repository built and hosted in external (to Red > Hat) systems in regions that don't enforce software patents by Fedora > contributors. but is red hat complicit in maintaining this? Or a red hat employee? Does 'the company' know about this or is this a 'wink, wink, nudge, nudge, say no more, say no more' sort of thing? If it is the latter then I think we're at full, dead, stop w/o legal counsel. -sv _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
