Re: The Forgotten "F": A Tale of Fedora's Foundations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






On 24 April 2014 16:06, Christian Schaller <cschalle@xxxxxxxxxx> wrote:

> These were things that people were wondering when this came up in the past.

Once again this is becoming a debate about hypotheticals which rarely leads anywhere
constructive.


It actually isn't hypothetical. I have had to deal with a lot of problems with 3rd party repositories at previous jobs. The easiest and most common one is where the 3rd party later ships something that conflicts with the main repository. The weirder ones are where a clean package got stuff added to it where it backdoored the desktop or where it added a P2P service which set off all kinds of emails from the RIAA to the universities legal. 


To take a concrete case instead. Are you really worried about Google starting to ship
dvdcss as part of their Chrome repository? Do you really think that is a question
keeping our lawyers up at night?


I am more worried about the criteria we are using for choosing these repositories, how they are chosen, vetted and added and a basic "How we plan to deal with problems when they occur" versus the standard "OMG THE SKY IS FALLING AND ITS ALL <FILL-IN-BLANK> FAULT".  Because problems will occur and they will be at various very inconvenient times so having at least a "We will contact X, we will turn off Y in package Z, we will then push an update" with who to contact to deal with them.

 
Are there repositories out there where we can not trust the person or company behind
it enough to include it by default for legal reasons? Sure there is, but you can't say
that just because we would not want to risk shipping the rpm-warez.tor.net repo by default
all 3rd party repos are high risk and something our lawyers would be concerned about. Because
that is the argument you in practice is making when you are posing hypothetical questions about
the risk of 3rd party repos.


You seem to have completely misread me so it is clear we are talking past each other. Since I am not communicating clearly in a way you or others understand, I will stop and withdrawal until I can better do so.


 
Christian



--
Stephen J Smoogen.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux