On Tue, Apr 08, 2014 at 20:21:11 -0400, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote:
Who is doing that work within Fedora today? After the initial review, there is no on-going audit of packages _within_ Fedora to make sure they aren't bundling (or following guidelines at all). That's not to say that we have a massive problem. It _is_ implying that maybe one shouldn't blindly trust the guidelines to catch all of the potential problems though.
I think there is a difference in people not following guidelines than saying it is OK. Right now there is a reasonable chance that no one has bundled openssl into another official Fedora package. If we explicitly say bundling is OK, then it becomes a lot more likely that libraries end up being bundled.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
