2015-09-15 13:02 GMT+02:00 Ralf Corsepius <rc040203@xxxxxxxxxx>:
>
> a) We don't have any such tracking system.

If maintainers followed FPC recommendations on that matter, it would be very easy to have one. I have in my TODO to implement one for CentOS Cloud SIG to track security issues for some horrible packages.

> b) So far, this has not been a problem.
>

Not being aware of the problem is different from not having a problem. A famous example being requests bundling other common libraries and itself being bundled by the rest of the world. All those funny REST clients with buggy code and nobody cares upstream.

> In the past, these issues were commonly worked around by Fedora
> maintainers forking in private and then feeding them into Fedora as a set of
> patches.
>

Yes, and I'm working on a proposal on guidelines + tooling to make it easier to work on that. And preferably self-hosted in Fedora thanks to pagure.

>> Our role is to mitigate bad habits and educate upstream, not ignoring them.
>
> Right, but you're underestimating the stubbornness and non-cooperativeness
> of some upstreams and Fedora maintainers.

Sadly, no.

> They usually believe to have an "ultra-clever design" and the FPC to be dumb
> idiots who are unable to comprehend their cleverness.
>
> Ralf
>

Well, I'm personally thankful that FPC "dumb idiots" and alike taught me proper engineering when I was a young graduate a decade ago. I think that every developer should, once in a while, put his hands into packaging/integration or system administration to understand what they're doing.
(forgot to send this one, but well, we don't praise enough FPC for their awesome work)

>
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct