Re: Proposal to reduce anti-bundling requirements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dne 11.9.2015 v 15:39 Reindl Harald napsal(a):

Am 11.09.2015 um 15:27 schrieb Zdenek Kabelac:
Dne 11.9.2015 v 15:22 Eric Griffith napsal(a):

On Sep 11, 2015 9:03 AM, "Zdenek Kabelac" <zkabelac@xxxxxxxxxx
<mailto:zkabelac@xxxxxxxxxx>> wrote:
 >
 > Dne 11.9.2015 v 14:46 Germano Massullo napsal(a):
 >
 > Fault #1
 > (I've already complained that usage of rawhide & rpmfusion is
getting silly)
 >
 >
How is the usage getting silly? *genuinely confused* Id love for
Fedora to
have everything in the repos (A la Arch) but for legal and philosophical
reasons it's not possible.

My complain here is about packaging libraries.
And just because a library has been upgraded from version .so.2 to
version .so.4  and you can't have both (as the new one replaces old one
by Fedora policy) - you cannot normally use rpmfusion.

the whole point of a *shared library* is to have single versions of libraries
and not 10 versions you need to seek if they are affacted from wahtever
security relevant bug, in many cases it will be impossible to answer that
question

and no, backporting of fixes is not the solution, ignoring manpower here, how
often do you think developers are fixing some bug and even not realize it was
security relevant and so no CVE is assigned

not long ago glibc was affactd by such a case

The best part is - the library itself is mostly useless - but because of
packaging policy - if you want to use rpmfusion - you have to basically
build
lib-compat-like (Fedora way) libraries yourself - that's what I call
silly....

no, rpmfusion just need to cope with rawhide changes and rebuild as Fedora does


We are not solving here 'ideal' word where every one has tons of free time and could rebuild everything all day&night.

This Fedora plan simply puts too much work at everyone's hands.

Sure - people who care about safety might have some option - like I always want to have ONLY the latest lib - and drop everything else, but there are still lot of users who could live with older libs quite happilly (and especially in the case they do not use the library in question AT ALL - which is the maint point here).


Zdenek


--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux