On Tue, 13 Jul 2004, Peter Jones wrote:
On Tue, 2004-07-13 at 14:00 -0500, Rex Dieter wrote:
The point I wanted to make is this: What is *redhat/fedora*'s definition of Open Source? I have yet to see any authoritative reference. Until I see one, I would argue that there exists enough ambiguity to include pine. For example, UW's site claims pine is opensource.
It doesn't matter which licenses are or aren't "open source".
To this discussion, it most certainly does matter. If pine doesn't meet the definition of "open source", then its inclusion in Extras can certainly be rejected without further comment.
If there's a security problem, what would we tell the users? "Remove the package until there's a fixed one, which oh by the way we don't have any clue as to an ETA for"?
It's not nearly as bad as you make it out.
You just wait for upstream fixes. Maybe, oh maybe, you (or I as packager) could even join pine's mailing lists, and be able to know the development progress of bugs/fixes. I'd bet you can't tell me there currently exist no packages in Fedora Core/Extras that don't have to wait for upstream fixes.
If we need to patch it to do mailbox locking the One True Fedora Way, what do we do? We can't fix it, and so it'll be the one mail client that corrupts mailboxes. Users love corrupted mailboxes.
Ditto as before. Report bug upstream. Wait for fix. The ball would be in the pine developers' hands. There is a reason there exists an UPSTREAM keyword in bugzilla.fedora.us, you know.
I'd say the possibility of any of these scenarios puts any package with this kind of license well past "unmaintainable".
I disagree. I would argue that having to wait for upstream fixes certainly does *not* imply a package is unmaintainable.
-- Rex