On 07/02/2014 05:24 PM, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/02/2014 11:22 AM, Stephen Gallagher wrote: >> On 07/02/2014 11:19 AM, Kalev Lember wrote: >>> On 07/02/2014 05:13 PM, Stephen Gallagher wrote: >>>> This is not an official solution, but I am now providing a >>>> COPR for Rawhide installs that provides a compatibility library >>>> for libgcrypt. >> >>> That's awesome, but can we get this in rawhide proper instead? >>> I'd be happy to help get this through the review process if you >>> need a reviewer. >> >> >> Short answer: no. I don't have the time or inclination to attempt >> to maintain a compat *crypto* library. There's far too much >> possibility for disaster there. Fair enough, that's totally understandable if you don't want to maintain a crypto library. I just had to ask :) However, we've got a F21 release looming closer and I'd like to make sure major 3rd party apps keep working out of the box. And yes, this includes Chrome. This is especially important since we don't have Chromium in the Fedora repositories; otherwise we could tell users to use that instead. I feel like this is our (Fedora's) responsibility to provide a libgcrypt compat package, since it's been part of standard ABI for a while and 3rd party packages are likely to rely on it. In my book, it's fine to phase a widely used ABI out, but not pull the plug in a single release. It's unreasonable to ask 3rd party developers to follow Rawhide closely and port stuff while F21 is still under development. A much better 3rd party developer story would be saying: "Hi Mr. 3rd Party Developer, we've released F21 today with a new libcrypt. We'll remove old libcrypt in F22 but we are providing ABI compatiblity for F21 lifetime; you have 6 months to port your stuff." Anyone here interested in maintaining a libgcrypt compat package for F21 lifetime? I'd be happy to help sort out packaging and get this through the review process. > To clarify: in my COPR, it's use-at-your-own-risk. If we moved it to > Rawhide, I'm on the hook to make sure it's constantly kept up-to-date > and keep track of vulnerabilities. I'm not prepared to take that level > of ownership on. I only built this COPR because I was updating to > Rawhide today and this bit me. I'm being nice and sharing it, with the > expectation that it's really only meant for this singular use-case, > which should be obsoleted as soon as Google moves to the newer > libgcrypt (or bundles their own, whatever). I'm afraid that this could lead to technically capable people using your copr because it provides an easy way out, and leaving others out in the cold. People who'd be able to fix this in rawhide proper switch to using your copr, and end users who expect point and click Chrome installation to work are going to be disappointed and look for alternatives. -- Kalev -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
