On Thu, Oct 01, 2015 at 07:00:13PM -0400, Matthew Miller wrote: > On Thu, Oct 01, 2015 at 11:38:31PM +0200, Reindl Harald wrote: > > >bundling out. Second, it demonstrates a case where it'd be better if > > >the bundling had been documented, because it would have shown up in a > > >query when the security team was working on that vulnerability > > > > the last part *only* works *if* it had been documented > > > > nothing of the whole thread solves the problem of unintentionally > > bundeling becaue missing knowledge or just not care about it > > > > in a perfect world upsteram would not write crap which needs to be > > unbundeled as well as maintainers would not bundle withoput > > intemtion by missing knowledge - nothing of that is solved or > > targeted > > That's a good point; it's not in the scope of this proposal. However, > it does fit with what Matthias said earier in this thread — automation > is key. We definitely have some pieces of that puzzle already — I'd > love to hear about a project to put them together. We could run a script which looks for duplicated files on the output of 'fedpkg prep' on a tree of all packages. There are various linter-style tools which look for duplicated code, but I doubt that they would be functional for a problem of this size. Zbyszek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
