On Wed, Jan 22, 2014 at 11:54:15PM +0100, Miloslav Trmač wrote: > On Wed, Jan 22, 2014 at 5:39 PM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> > wrote: > > You want that set of channels to include a number of third-party vendors > > who distribute non-free software. There's a few practical problems here > > - how do we choose those vendors? What process do we have for ensuring > > that they aren't distributing malicious code? What if they provide a > > package that breaks software that we ship as part of Fedora? What if a > > vendor with a known history of shipping broken software requests > > inclusion and kicks up a PR storm if we refuse? > > Every single retailer is facing these questions about he products arriving > from the vendors, and somehow they manage. This should not be *that > huge*a deal in practice; primarily it's a matter of mindset, > abandoning the > "full-featured and self-contained distribution" expectation. I don't see the relation between those two things. We can move away from that expectation without providing any kind of third-party software by default. > (It seems that sandboxing the third-party software is what the world is > converging on, but we've also had >30 years of software products for sale > before sandboxing existed.) A bunch of technical problems are certainly solved if we assume that everything distributed this way is sandboxed, but sandboxing doesn't let you distribute codecs or graphics drivers. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx _______________________________________________ advisory-board mailing list advisory-board@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/advisory-board
