On Thu, 2022-09-15 at 10:55 -0700, Kevin Fenzi wrote: > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > > > Proven packagers seem to be a fair category to address. Also packagers > > responsible for security-related bits of the distribution. Compilers? > > Well, as others noted in this thread, any packager has a lot of power. > They can add a weak dep on something everyone has installed and pull > their package in. Of course they likely only get to do that once. I kinda feel like we really ought to just stick a check for this *somewhere*. An alert should pop up somewhere any time anyone adds a Supplements: line to *anything*. It's a sufficiently odd thing to do that it shouldn't happen very often, I think... I suspect in the past the answer to this would be "Patrick probably does it already". Did we find a Patrick 2.0 yet? :D -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
