As Fedora users and contributors, we profit a lot from everything that RedHat provides to the Fedora project, be it infra, people-power or "leverage" (talking to vendors etc.). In turn, RedHat can expect a certain amount of understanding from "us" for their business interests, which include legal liabilities, of course. Understanding is helped greatly by communication, though. Legal answers such as "We can not" do not further this understanding, and "We can not and we can not tell you why" is not much better, but these are the typical answer we get, not even with a "sorry, but we can't". Obviously, these legal questions are difficult to explain, but it can't be true that each such case is under a "gag order". This non-transparency is orthogonal to our first F and hurts all efforts to increase the number of contributors. Now, I don't expect the communication issue to be resolved any time soon. Therefore it's important to work on the other major friction point: How difficult do we make it for users/contributors to get the missing bits that they need or can (because they are no distributors, in a different jurisdiction etc.)? rpmfusion/gstreamer is a prime example of how things can work flawlessly, and takes into account all interests. ffmpeg is a prime example of "in your face", of course, and I'm happy to read that it may get resolved. The other big issue are our hobbled sources: We cannot store some original sources in the look-aside cache, obviously. But packages such as openssl do not even specify a hash nor an url for the un-hobbled sources. This makes it unncessarily difficult to verify that our openssl package has indeed been built against against the hobbled version of the original sources - for a package like openssl this really is a trust issue (and might even violate our packaging guidelines, but I'm not a lawyer...). As a side effect, it makes it unnecesarily difficult to rebuild the package locally (though it does not effectively inhibit it either, of course; it is not an "effective measure" for that cause). I do understand that providing a functional link can be construed to be "redistribution", but in the context of a spec file, a comment really is a reference to the "source of the source", without which we cannot even claim to distribute the hobbled version legally (and without which we have no trust chain). Note that depending on the legal outcome mesa might have to go the hobbled route, too: simply disabling the codecs in %build does not change anything about redistributing the source. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue