On Thu, Apr 24, 2014 at 11:56 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
> On 04/24/2014 11:01 AM, Stephen John Smoogen wrote:
>>
>> On 24 April 2014 02:49, Christian Schaller <cschalle@xxxxxxxxxx> wrote:
>>
>> Well my point is I spoke to Red Hat legal before I even posted the
>> original proposal to open up to more 3rd party repositories some
>> months ago. There are a lot of repositories that it is perfectly
>> fine for Fedora to include from a legal perspective. But they will
>> need to be reviewed by legal on a case to case basis, going to
>> legal up front and saying 'hey can I include a hypothetical
>> repository' will only yield you the answer 'depends on the
>> repository'.
>>
>>
>> OK cool. What is the plan for when repositories change what they
>> are carrying and add stuff that may be legal for them but not for
>> others? Will there be periodic reviews to make sure that this
>> hasn't happened or some way that we roll back what repositories we
>> recommend?
>>
>
> At the risk of being glib: What's the plan for periodically
> re-reviewing every package in Fedora to make sure that its sources
> always remain legal?
>
> It's the same problem and it can only realistically be dealt with by
> "If someone notices, deal with it then."

IIRC, the original discussion was framed around specific repositories
with specific pieces of software. So a repository carrying e.g.
Chrome and only Chrome. Not something like rpmfusion which carries a
multitude of varied packages.

So in that case, the audit becomes easier.

josh