On Fri, 26 Apr 2019 11:07:54 -0000 (UTC) Petr Pisar <ppisar@xxxxxxxxxx> wrote: I am a fedora user with no dog in this fight. > Controversial property of modules are private build-time dependencies. > Modularity allows packagers to hide them and to not to support them > (to the extend that they work in my module). However, this > privatisation has costs. It means duplication of work unless two ... Isn't this contrary to the Fedora rules? If I'm understanding this correctly, it means that modules in Fedora can contain dependencies on code that isn't available, so that Fedora (and users) can't build that module from source. And that the module could contain basically anything because no one can examine the contents that built the module. Could someone privately pull in something like the proprietary nvidia binary blob and use it to build their module without anyone knowing? Because I'm not knowledgeable about this, it might be that private dependencies have to be packages built from source code available in the Fedora ecosystem, and so this is not possible. I just want to clarify my understanding. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
