Hi,

On 09/03/2009 05:05 PM, Tom "spot" Callaway wrote:
> On 09/03/2009 10:57 AM, Hans de Goede wrote:
>> It really is like having to support Gentoo, versus having to support a
>> distro using pre-built packages. And I would really like to move to the having to
>> support a pre-built package model for the initrd.
>
> The problem is this:
> The kernel binary RPM contains this pre-built initrd. The kernel source
> RPM does not contain the sources necessary to make this pre-built initrd.
> This makes me rather uncomfortable from a Licensing perspective.

True, but we do provide SRPMS with the sources, if we include a list of
the SRPMS with the sources, with full NEVR in the kernel rpm as doc,
wouldn't that be sufficient?

> I'm also concerned about it from a security perspective, as these binaries
> are very likely to be overlooked when security updates are pushed.

We already have that issue with mkinitrd, and will have it when we move
to generating dracut initrds in %post too. IOW the security issue will
always be there, so let's focus on the licensing issue please.

Regards,
Hans