#61: Fedora Packaging Guidelines: Weak Dependencies on packages from third-party repos -------------------------+--------------------- Reporter: maxamillion | Owner: Status: new | Priority: normal Component: General | Resolution: Keywords: meeting | -------------------------+--------------------- Comment (by sgallagh): Historically, Fedora Requires: have only been allowed to reference packages within Fedora. This made sense, since Fedora needs to be internally consistent and we wouldn't be able to achieve repoclosure otherwise. However, now that we have `Recommends:` and `Suggests:` dependencies available, it makes sense to revisit this. For example, in this particular BZ, we have a package that is ''functional'' without ffmpeg, but gains some considerable additional functionality if ffmpeg is present. If ffmpeg was in Fedora proper, I'd say that would be a clear case for a `Recommends:` dependency (so it would be installed by default but not critical for all operation). However, `Recommends:` has a secondary feature which is that it will be ignored if the recommended package is not present in any configured repository. So if the necessary third-party repositories are not installed or enabled, the sway package would just install without those extra features. This could actually be a very desirable situation. I see the following possible decisions that the Council could make: 1. Packages in the Fedora Collection may only reference other Fedora Collection packages in any dependency, strong or weak. 1. Packages in the Fedora Collection may use `Recommends:` and `Suggests:` that reference packages in third-party repositories, but may not `Requires:` them. 1. Packages in the Fedora Collection may use `Recommends:` and `Suggests:` that reference packages that are distributed under an acceptable open- source license in third-party repositories, but may not `Requires:` them. Given the nature of the weak dependencies, I'd argue that it's reasonable to assume that if a user has enabled a third-party repository, they have made a conscious decision assuming the risks (technical, security and legal) to use software from that repository, so allowing the use of `Recommends:` makes sense to me, but I also don't know whether there is any additional legal consideration to be made. Note: this decision is not limited to the current situation. A decision here to allow weak deps could also theoretically lead to the graphics stack adding `Recommends:` for proprietary drivers (if we allowed closed- source), so that needs to be considered carefully. -- Ticket URL: <https://fedorahosted.org/council/ticket/61#comment:2> council <https://fedorahosted.org/council> Fedora Council Public Tickets _______________________________________________ council-discuss mailing list council-discuss@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct https://lists.fedoraproject.org/admin/lists/council-discuss@xxxxxxxxxxxxxxxxxxxxxxx The Fedora Project's mission is to lead the advancement of free and open source software and content as a collaborative community.
