-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Feb 2014 11:26:54 -0500 Richard Fontana <rfontana@xxxxxxxxxx> wrote: > On Tue, Feb 11, 2014 at 06:52:01AM -0600, Dennis Gilmore wrote: > > 2) cloud WG wants to be able to produce updates images, what are our > > requirements to ensuring source compliance with the GPL? > > > > Today the sources for livecds and appliance images are only in the > > source tree and not separated out. if we do updates images some > > sources will be in the base source tree and some in updates, > > however the updates sources will go away if the package gets > > another update. the only single source where we could point people > > at is koji. > > I'm trying to understand the possible concern - why would pointing > people at koji not be good enough? If ponting people at koji is good enough that's okay. The images will be made available somewhere on the download server and via mirrors say under /pub/fedora/linux/releases/21/Update1/Images/ but to get the sources you would need to either go to koji where only unsigned copies are easily available sometimes the only copy available. We do clean up the signed copy of older updates, we keep the signature header and can reattach it if needed. or you need to look through the Base release or updates source trees where the signed copy of the rpm will be available. With knowledge you can always get the source from git. My concern is over how easily do we need to make the source available? does the source need to be available in the same location as the binaries? do I need to have a source tree at /pub/fedora/linux/releases/21/Update1/SRPMS/ for instance to match above do we need to add a README.Sources or similar file that points the user to where to get the sources or do we not need to do anything? Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJS/QE0AAoJEH7ltONmPFDRFkAP/1aalbNzeaohlcTlpbK8t25s 6rsQZmGtFjs//WC1NnLb7aR3OEAsZX3/bJu2o7ad6R+lZs0jooyRMSK+maZk1qlE +0a8y5T35foBRTcuLP+R77XbrBUfdqgc/rgSajPQRQRdXZHuKla8LCpgdvHz4UVT N5RNGqYSezHUP5bFoFl7AUz1vznGZqc0IAjlMRB/QsBKEkLBmlZcepQ/8or56v6w Wfh21Is7LKEELQOWBTI8fHYpbJQ8zTqHT6VL24uS/rZyzzFXxylvEEEAbyeEkcy0 hhj5q1JNmEdCssXgcLcZb288ohm24iURnDK5kdPv6fCambo6ceXYDTfk2HNZ8Dlo gzNyAEYzXt6MJatf//zr73rbQ1G/33KPcdBP/0RSUYNx8ikuGSMqBoS8iCptOxUH AcUhtscgmUiyVXGqIQGkkPlRFISODS+T1IIRyQcW+2O6OtzTIaKh2wTU7rhqvFZz 6BCTqZHNTh+j+QdGL9eFKr8NnyDYoHd5KT8HImauRuO+QxSrQom4+R6eSIFhBLgy 6Cb2JuH0TQkBzJUrbMwUNbC3kMU6RbUuSQl9mIsLGj+gYArRCDaChuEICP6/bp5U 8dMrWJ0AtOMgzPkm03tagDPe4ZYyDuTDM8PoxWk/+RKvQFf286fPPeDeCrCnn4GE j/Xd4kRCNGGqg9qYlhuA =McM1 -----END PGP SIGNATURE----- _______________________________________________ legal mailing list legal@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/legal