Toshio Kuratomi wrote:
Do people think this is an allowable exception? These apps are in a grey area between one-off system administration scripts and applications that are present in multiple environments already. I think they must be OSS and their source must be available but I'm not sure if the requirement that they be packaged for Fedora is necessary.
We had a policy in place before when I used to sys admin stuff that all the packages needs to be available in the distribution repository and any local scripts be cleanly separated. It helps a lot. You get packaging and legal checks. Even if a particular piece of software is used only in one place in the Fedora infrastructure not having it in the repository means the team is solely responsible for keeping track of any security issues. It is up to the team to decide to allow exceptions but you have to weigh the benefits carefully.
I also foresee us running into issues at some point with version mismatches between the Fedora/EPEL packages and what we run on our servers. Maybe we want to upgrade the TurboGears stack on our servers but we don't want to change the API for EPEL. Maybe we are putting out necessary updates for the apps we are working on but upgrading the bits in Fedora/EPEL every two days doesn't seem like a good idea. We need to have some ability to separate what we package for Fedora from what we are actively developing in Infrastructure.
Again any deviations from what is in the repository is additional burden for the team. Deciding on the details is why having good documentation on the policies are helpful. Maybe this could be discussed in the next IRC meeting?
Rahul
