-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I submitted this to the Advisory Board, but I'm including it here since there's a lot of discussion ongoing about the nature of bundled libraries in Fedora. In the cases where removing libraries wouldn't be possible without extensive upstream work, we should rewrite the rules around the use of http://fedoraproject.org/wiki/Fedorapeople_Repos repositories to allow such packages in an unofficial capacity. Right now, they require an agreement that all packages being hosted meets with Fedora Packaging Guidelines in full, but I suspect that the Board could consider reducing this restriction to "In compliance with Fedora Legal guidelines" instead. So we could at least have a central semi-official repository where these packages could be made available to those who need them (separate from Fedora and unsigned so those using them *know* they're not official or fully-supported) while efforts are made to bring the project into full compliance, at which time it should become an official package. The benefits of this would be that contentious packages could still have a definitive delivery mechanism in keeping with Fedora's style. While the package itself wouldn't fit into the official yum repositories, it could still keep a set of maintainers (who would hopefully be actively working with upstream to resolve the bundling issues at the same time). The specific use-case I'm trying to address with this proposal was brought up by Jeroen van Meeuwen on the Advisory Board mailing list. A package like rubygen-passenger, which enjoys heavy use in the real world, but can't be carried in Fedora due to a forked, bundled version of the Boost utility library, could be carried in this unofficial repository. Right now (according to Jeroen), it's very common for deployments relying on this package to just roll their own from the source tarball. - From Jeroen's original email: "This means that meanwhile, thousands of us downstream consumers run rubygem-passenger customly built, packaged (maybe) and deployed to production, whatever was the latest version when someone had a chance to look for updates. Bad, bad, bad. Very bad." I think we definitely want Fedora users to be able to use a common package for their deployments, even if it's not signed and carried in the official repository. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzK6KgACgkQeiVVYja6o6OZ4gCePg6kXYMRTXQjF463WVhNSx31 t2YAnRUlF8c+oaUzFNXUKcjAG+H/JPPG =wOAD -----END PGP SIGNATURE----- -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
