On 5/13/20 4:16 PM, James Cassell wrote:
On Wed, May 13, 2020, at 5:04 PM, Ty Young wrote:
On 5/13/20 12:04 PM, Robbie Harwood wrote:
Ty Young <youngty1997@xxxxxxxxx> writes:
On 5/12/20 5:55 AM, Felix Schwarz wrote:
Am 12.05.20 um 12:32 schrieb Ty Young:
Right, I figured it was some Fedora policy and not up to you. I
suppose I should have been more clear there. Sorry for any
confusion, it was aimed at the Fedora project as a whole as this is
a Fedora issue.
This is not a Fedora issue but a consequence of Fedora's core
values. You not agree with it but "building from source" is so
fundamental that it does not make sense to even start a discussion
about it on fedora-devel.
I suggest you read up on the rationale behind that policy (which is
why I linked the policy document in the first place).
I understand that missing components/features due to the source
requirement are annoying but Fedora (and other distros) decided to
take the "high road" here and actually fix stuff instead of shipping
whatever upstream came up with.
As someone who has been burned due to Fedora's goody little two shoes
policies, I'd kindly ask that Fedora take a hike and not package the
software at all.
This is not "being excellent to each other". Let's keep in mind that we
are all here for the same reason (caring about Fedora), and that this
makes us colleagues - even when we disagree.
Neither was the threat and intimidation by higher ups at Red Hat or
Fedora, which very few people on this seem to care about despite
constantly bringing up the CoC. Selective enforcement probably isn't
"being excellent to each other" either.
Anyway, I'm just asking that Fedora not repeat what Debian did. While I
find it to be a bit paranoid, I understand the concerns regarding
someone sneaking in malware into pre-build binaries. I'm just asking
Fedora not package the software at all in that case, or any software
that depends on that software if possible. People who want to support
Linux by writing software shouldn't be bothered with bug reports from
issues they never created to begin with.
Is your position that Fedora should not package any software where the Upstream provides binaries? If so, that would seem to defeat the purpose of a Linux distribution, IMHO.
No. If source code is provided side-by-side with the binaries(as-is the
case with Gradle and many other software) then it's fine as the source
code provided is *supposed* to give you the binaries once compiled
anyway. If it doesn't then something shady may be going on.
Although I highly doubt the security claims that people are making in
favor of compiling from source. Does every Fedora packager *actually*
pore over every line of code in order to make sure it doesn't do
anything shady? I really doubt it, that would be a superhuman task in
many cases. If you can't trust binaries coming from the horses mouth
then I'm not so sure you can trust the side-by-side source code either...
V/r,
James Cassell
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
