Re: Proposal to reduce anti-bundling requirements

On 10/02/2015 01:18 PM, Vít Ondruch wrote:
> On 30.9.2015 at 16:52, Ralf Corsepius wrote:
>> Like I've said many times before, I feel Fedora needs a serious
>> vulnerability in a widespread bundled or static library, such that
>> people finally comprehend the harm of bundling.

> This harms Fedora but not the upstream project which bundles.
Exactly. This "bundling everything" is upstream-centric. It's convenient to them, but it's harmful to wider system integration.

> If there
> is a security issue discovered in the bundled library, they fix it and
> release a new version, they are in the users' view the good guys who care
> about security.
Only if there is an active upstream, who actively works on its bundled sources. This applies to bigger projects such as Firefox and Chromium, but often doesn't apply to smaller projects.

There, bundled sources often pretty soon don't get much attention and simply rot. Worse, when such upstream goes AWOL.

> I am afraid that no matter how much education you'd like to apply to
> this issue, you will never reduce it, since honestly, most of the
> development is done on different platforms than Linux, where bundling of
> various kinds is a norm.
Sure, but IMO, this shouldn't be a reason for us to follow these systems' mistakes.

When you have a look at these systems, you'll soon notice bundling is one of the primary causes for vulnerabilities on these systems.

> And TBH, as much as I hate this reduction of anti-bundling requirements,
> I also hate to hear from upstream that they don't wish their SW to be
> included in Fedora, since we break it due to unbundling policies.
So be it. It's their decision - I don't want Fedora to be taken hostage by short-sighted upstreams and their non-system-integrable designs.

Also, if there's sufficient interest in a piece of SW and if their design isn't too crappy, it should not be much of a problem for Fedora to properly integrate a SW into Fedora.

Ralf

