[Bug 907464] cpanm bundle lots of library and is not listed on fesco page

Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=907464

Michael Scherer <misc@xxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |ASSIGNED
         Resolution|NOTABUG                     |---
           Keywords|                            |Reopened

--- Comment #2 from Michael Scherer <misc@xxxxxxxx> ---
Yes, I have read the source code, and I am aware of the reason why cpanm does
it (hence the "While the way cpanm work kinda mandate it" part in my first
comment).

But as I said, I think this should be tracked somewhere. I have seen how the
code is bundled and I know this would be quite hard to unbundle, but I am not
FPC, so in the end it is up to them to decide, not me, hence the request to
check with them. If I were the one to decide, I would grant an exception, provided
we can find what is bundled, so if any security issue arises, we can quickly see
that it should be fixed in cpanm too.

For example there are bundled copies of JSON::PP and HTTP::Tiny; I picked these two
because they either consume untrusted input or do network stuff, so could in
theory be problematic.

And in any case, the packaging guidelines are quite clear on what to do if
there is a bundle:
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle

This includes adding a link to the ticket for the exception. And while the
ticket looks like bureaucracy (since I think the exception would be granted),
I think only FPC can edit the wiki page with the bundled-exceptions list, and that
would be used as a reference source, and so must be up to date.

The fact that only part of the code is copied doesn't make it less a
problematic copy from a tracking point of view.

So yes, I think something should be done, and the current process and
documentation require some group to do it, and that's FPC as you correctly
said.

-- 
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
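The comment above asks for a way to find out what is bundled in cpanm so that a security fix in, say, HTTP::Tiny or JSON::PP can be matched against the bundled copy. The script below is an added example written for this page; it is not cpanm's code, not part of the bug, and not a Fedora tool. It assumes the standalone cpanm script is in the App::FatPacker layout, where each bundled module is assigned with `$fatpacked{"Path/To/Module.pm"} = ... <<'HEREDOC_TAG';` and terminated by a line holding only that tag. The embedded input is a constructed sample in that layout, not real cpanm content; the version comparison handles only plain decimal Perl versions (no dotted v-strings), which is a deliberate simplification.

```python
"""Inventory modules bundled (fatpacked) into a standalone Perl script.

Added example for this page, not cpanm's own code. Parses the App::FatPacker
heredoc layout and reports each bundled module with its declared $VERSION, so a
fix in an upstream module can be checked against the bundled copy.
"""
import re
import sys

# Constructed sample in the App::FatPacker layout (NOT real cpanm content).
SAMPLE = r'''#!/usr/bin/perl
BEGIN {
my %fatpacked;

$fatpacked{"HTTP/Tiny.pm"} = '#line '.(1+__LINE__).' "'.__FILE__."\"\n".<<'HTTP_TINY';
  package HTTP::Tiny;
  use strict;
  our $VERSION = '0.025';
  sub new { bless {}, shift }
  1;
HTTP_TINY

$fatpacked{"JSON/PP.pm"} = <<'JSON_PP';
  package JSON::PP;
  use strict;
  $JSON::PP::VERSION = '2.27200';
  1;
JSON_PP

$fatpacked{"Module/Metadata.pm"} = <<'MODULE_METADATA';
  package Module::Metadata;
  1;
MODULE_METADATA

s/^  //mg for values %fatpacked;
}
'''

# Start of one bundled file: captures the .pm path and the heredoc terminator.
START_RE = re.compile(r'^\$fatpacked\{"([^"]+)"\}\s*=.*<<\'([A-Z0-9_]+)\';\s*$')
# Common version declarations: our $VERSION = '1.2'; or $Pkg::Name::VERSION = "1.2";
VERSION_RE = re.compile(r'^\s*(?:our\s+)?\$(?:[\w:]+::)?VERSION\s*=\s*[\'"]([^\'"]+)[\'"]')


def module_name(path):
    """'HTTP/Tiny.pm' -> 'HTTP::Tiny'."""
    return path[:-3].replace("/", "::") if path.endswith(".pm") else path


def find_bundled(text):
    """Return {'HTTP/Tiny.pm': '0.025', ...}; value is None if no $VERSION found."""
    found = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = START_RE.match(lines[i])
        if not m:
            i += 1
            continue
        path, tag = m.group(1), m.group(2)
        version = None
        i += 1
        # Scan the heredoc body up to (not including) the terminator line.
        while i < len(lines) and lines[i] != tag:
            v = VERSION_RE.match(lines[i])
            if v and version is None:
                version = v.group(1)
            i += 1
        found[path] = version
        i += 1  # skip the terminator itself
    return found


def needs_update(found, fixed_in):
    """Bundled paths whose copy has no version or is older than fixed_in[path].

    fixed_in maps '.pm' path -> first upstream version carrying a fix. Only
    decimal versions are compared (simplification; dotted v-strings unsupported).
    Modules that are not bundled at all are not a concern and are skipped.
    """
    flagged = []
    for path, fixed in fixed_in.items():
        if path not in found:
            continue
        bundled = found[path]
        if bundled is None or float(bundled) < float(fixed):
            flagged.append(path)
    return sorted(flagged)


if __name__ == "__main__":
    # Usage: python bundled_inventory.py [/path/to/cpanm]; falls back to SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for path, version in sorted(find_bundled(text).items()):
        print(f"{module_name(path):30} {version or '(no $VERSION)'}")
```

Run it against the real standalone cpanm to get the list the comment asks for; the printed table is what would go into the exception ticket, and `needs_update` lets you check it against the version in which an upstream fix landed.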


