On Fri, Oct 29, 2010 at 10:18:22AM -0400, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/29/2010 10:06 AM, Toshio Kuratomi wrote: > > On Thu, Oct 28, 2010 at 07:50:15PM -0400, Stephen Gallagher wrote: > >> > >> 1) We have the > >> http://fedoraproject.org/wiki/Packaging/SourceURL#When_Upstream_uses_Prohibited_Code > >> rules in the Packaging Guidelines for a reason. A party interested in > >> seeing a package in Fedora proper could work towards stripping out the > >> bundling requirement in the source tarball, then package that up as > >> described above. Naturally, any changes made to accomplish this should > >> be submitted back upstream in order to improve the product for everyone. > >> > > Just informational: > > The Guidelines you're quoting deal with modifying source due to things we're > > not allowed legally to ship and would still apply to anything on > > repos.fp.o. > > > > You probably want: > > https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries > > > > No, I was pointing at that intentionally. I was suggesting that in the > cases where it's possible for us to unbundle the libraries ourselves > when upstream ships them that we should follow the "When Upstream uses > prohibited code" guidelines to create an acceptable tarball. > You should take that to the fpc (packaging@xxxxxxxxxx is the mailing list). I doubt that we'll pass anything of the sort, though, as that's violating a different principle of packaging: the tarball you get in the rpm is vanilla upstream. The only reason we modify the tarballs for prohibited code is that legally, we cannot ship the source in question and therefore we must strip it from the tarball or be doing something illegal. Note that FPC is discussing this right now: https://fedorahosted.org/fpc/ticket/19 https://fedoraproject.org/wiki/PackagingDrafts/Treatment_Of_Bundled_Libraries and likely will decide it at their Wed meeting next week. I would encourage people to give feedback on that on packaging@xxxxxxxxxx as I personally feel conflicted about it. On the one hand, it adds extra requirements on the package maintainer (deleting the bundled libraries, patching build scripts to disable the build scripts looking for the now missing files). On the other hand it makes it much easier to tell if the build is doing something wrong (linking to the bundled code). It also is an extension of our existing guidelines about pre-built libraries: http://fedoraproject.org/wiki/PackagingGuidelines#No_inclusion_of_pre-built_binaries_or_libraries so it's not unexpected, even if it is an additional requirement. -Toshio
Attachment:
pgpZ_YVptDpTV.pgp
Description: PGP signature
_______________________________________________ advisory-board mailing list advisory-board@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/advisory-board
