On Thu, Sep 15, 2022 at 11:54:13AM -0700, Adam Williamson wrote: > On Thu, 2022-09-15 at 10:55 -0700, Kevin Fenzi wrote: > > On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote: > > > > > > Proven packagers seem to be a fair category to address. Also packagers > > > responsible for security-related bits of the distribution. Compilers? > > > > Well, as others noted in this thread, any packager has a lot of power. > > They can add a weak dep on something everyone has installed and pull > > their package in. Of course they likely only get to do that once. > > I kinda feel like we really ought to just stick a check for this > *somewhere*. An alert should pop up somewhere any time anyone adds a > Supplements: line to *anything*. It's a sufficiently odd thing to do > that it shouldn't happen very often, I think... > > I suspect in the past the answer to this would be "Patrick probably > does it already". Did we find a Patrick 2.0 yet? :D Ha. no. There is a hook we have that notifies people when someone adds an exclude/exclusivearch. We could make another one that checks for Suggests I suppose. They could just add Requires tho, or add something that makes the auto dep generating scripts add a requires or suggests. So, perhaps a CI check would be better, to check the actual produced binary package. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
