On Thu, Sep 10, 2020 at 01:50:55PM +0100, Joe Orton wrote:
> 4. The benefit we want to preserve from modules is to maintain packages
> with varying expectation of quality, specifically separating the
> build-time-only vs runtime dependencies. e.g. in that case that a web
> server like Eclipse Jetty is required as a dep for testing another
> component during the build, we want to be able to use and build that
> component, without being indefinitely on the hook for security errata.
> (The build dependency tree is particularly complex for Maven and
> involves many examples of packages with frequent and high severity
> vulnerabilities)

What are you doing differently in terms of supporting deps in the module that reduces the security errata burden, compared to non-modular builds?

It feels like if we have some policy that is creating unsustainable maint burden wrt non-modular packaging, we should re-examine this policy rather than trying to work around it by going modular, which creates a different kind of maint burden.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|