Sounds like you're volunteering for an Unbundling SIG, go ahead, you2015-10-09 1:17 GMT+02:00 Kevin Kofler <kevin.kofler@xxxxxxxxx>:
> Haïkel wrote:
>> Not that I'm 100% happy with the way it happened but this has been a
>> very long-lived topic. To some, it'll be a hasty decision, to others,
>> it's already a late one.
>
> There's a REASON it had always been shot down so far!
>
>> Please keep in mind, that Fesco is aware this is not a perfect
>> solution, and we''ll gladly review any proposals to improve this
>> policy.
>
> It is not possible to "improve" a policy that is fundamentally broken. The
> only possible improvement is to repeal/revert it.
>
>> But we can keep discussing this for years, or try to solve this issue
>> incrementally.
>
> Or we can just keep saying no, in compliance with our principles.
>
>> We chose the latter.
>
> What is "incremental" about this policy change? It is a radical U-turn.
>
>> No we didn't chose quantity over quality, it will only have a marginal
>> impact on the former.
>
> Then it will even have failed its stated purpose.
>
>> It doesn't prevent you to do unbundling
>
> It does. The maintainer can now say "no" to any non-upstream unbundling.
>
>> Pretending that the now-previous guidelines that many packages
>> (including recent ones) did not respect were preventing issues was
>> giving a false impression of security, that was *harmful*.
>
> If existing packages were not compliant to the policy, that's the problem
> you need to fix, by:
> 1. fixing the packages (not just threatening their removal from Fedora, but
> actually having a provenpackager go in and do the downstream unbundling),
> and
have blessing.
I can even provide you a list of offending packages or ones that are
not updated because of the unbundling efforts (ie: hadoop)
Regards,
H.
A SIG dedicated to going through our packages and "systemizing" them (e.g. unbundling them) would probably be a really good idea, especially with the new rules. A group of packagers experienced in this could be solicited to help with trickier packages. As it is, it's pretty hard to solicit for help on packages. Last night, I was in #fedora-devel, where someone was working on a package to unbundle, and he was having a lot of trouble doing it on his own. He didn't have to, but was trying to anyway.
I think our packagers generally want our packages to be system-friendly, but sometimes it can be very hard. We have SIGs to solicit experience for Python, Ruby, PHP, etc., why not have one for this too?
Kevin, given that you're so passionate about this, why don't you create the SIG and gather folks to help support such efforts? It would be greatly appreciated.
真実はいつも一つ!/ Always, there's only one truth!
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
