On 14/02/15 01:45, Ken Dreyer wrote:
> Here's the new policy that I would vote for:
>
> 1) We allow bundled libraries, and each bundled library MUST have a virtual Provides: bundled(foo) in the RPM spec. (The packager SHOULD provide a version number too, with the admission that it is sometimes difficult to get this number correct.)
>
> 2) If another packager comes up with a patch to unbundle the library and files the patch in Bugzilla, then the package maintainer MUST take the patch.
>
> 3) If the package maintainer disagrees with the patch for whatever reason (maybe it's a feature regression, or whatever), they MUST bring it to the FPC for arbitration. The FPC must take into account the loss of functionality that unbundling could imply.
>
> This revised policy would lower the barrier to entry for newcomers, and still leave room for more advanced contributors to do the work if they desired to do so.

In the end, I guess this is a trade-off between doing the Right Thing from the overall security and distro maintenance perspective, and doing the Right Thing from the "follow the upstream" view.
My gut feeling is that this trade-off differs in different communities. So, what happens if we discuss this from a language point of view?
What if we, as a starter, applied such a policy to e.g., ruby packages? Expanding to other languages over time in a more controlled way?
Cheers!