On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote: > tl;dr Shall we consider requiring a lesser package review for packages > that are not present on Product or Spin install media? It's worth noting here that having two levels is not really going to be new to the ecosystem; e.g. Ubuntu has had Main/Universe for quite a while: https://help.ubuntu.com/community/Repositories/Ubuntu I just have one question: You're defining this split at the *runtime* level. Last I saw the Base working group was trying to cut down BuildRequires (but sadly I haven't seen them fighting Requires yet - I would love if someone did that for Perl) If Ring 0 packages BuildRequire Ring 1 (or further) packages, ultimately their quality is going to be somewhat contingent on them. Using bundling as a differentiator though, it does seem like there's likely a lot less pressure to require quick security updates for BuildRequires. Anyways, something I think is missing from here is more details on how this "on the install media set" distinction is maintained over time. If it isn't separate (yum) repositories it seems like it's going to be hard to enforce. (Who would notice if a package in 0 started depending on a ring 1? Would that imply the new dependency needed another review pass?) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
