Re: F39 Change Proposal: Build JDKs once, repack everywhere (System-Wide Change)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, May 31, 2023 at 07:32:09PM +0200, Vitaly Zaitsev via devel wrote:
> On 31/05/2023 19:24, Daniel P. Berrangé wrote:
> > Can you point to the specific guideline that this violates ?  I know we've
> > always expected that apps are built from pristine upstream source, but I'm
> > not finding the specific guideline that describes this right now.
> 
> This:
> 
> > All program binaries and program libraries included in Fedora packages
> > must be built from the source code that is included in the source
> > package.
> 
> Source:
> 
> https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/#prebuilt-binaries-or-libraries

So the important think there is the justification for why this policy
exists:

[quote]
This is a requirement for the following reasons:

    Security: Pre-packaged program binaries and program libraries not built from the source code could contain parts that are malicious, dangerous, or just broken. Also, these are functionally impossible to patch.

    Compiler Flags: Pre-packaged program binaries and program libraries not built from the source code were probably not compiled with standard Fedora compiler flags for security and optimization.
[/quote]

The proposal still satisfies the "Security" reasons. The also still
satisfies the "Compiler Flags" reason, albeit by using flags from an
earlier Fedora release. In any case, packages can already opt-out of
Fedora compiler flags at any time they wish.

Overall I'd say the JDK proposal still meets the spirit of the stated
guidelines and would be reasonable for FPC to approve as an exception.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux