On Wed, May 18 2022 at 12:01:33 PM -0400, Neal Gompa
<ngompa13@xxxxxxxxx> wrote:
At this point, I'd rather have an OpenJDK in Fedora than not.
I'll bite: why? Just so that it's easily available via RPM? It's
starting to sound like Fedora would be providing very little value here
on top of what is offered by upstream. At a certain point, getting your
software directly from upstream might make more sense.
If that
means switching to bundled libraries, then fine. But all bundled
libraries need to be documented in the spec file and that information
needs to be kept up to date.
Provides: bundled(foo) is very important. With this, every time a CVE
is found in a dependent library, Product Security is going to report a
bug against Java, and it will be expected to be fixed in Java. It's a
lot of extra responsibility. Without the Provides, tracking such issues
is impractical. Every bundled library needs a Provides, not only the
ones that would be affected by this change.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
