Hi,
On 02/03/2014 02:14 AM, Ralf Corsepius wrote:
[2nd attempt to answer to this. My initial response from quite a while age
seems to have gone lost.]
On 01/29/2014 12:12 PM, Alec Leamas wrote:
Formally, this is about review request 3152 for dropbox-repo [1]. From
a more practical POV, it's about users being able to install software
like dropbox more or less "out of the box", an area where I think we
really need to improve (as can be seen in all those "Fedora XX post
installation guide" out there).
My basic understanding is that current Fedora guidelines needs a
interpretation in the rpmfusion context. Those brand new GL for 3-rd
party repos are in [2] (discussions in [3]). For now, I think they can
be abridged to:
- Non-free repos can not be part of Fedora yum configuration.
- In some cases free repos can be part of the configuration after
FESCO/Fedora legal approval.
Now, IMHO this doesn't really make much sense for rpmfusion for three reasons:
- rpmfusion does not ban non-free software, it's one of the very
reasons it exists.
- FESCO/Fedora legal cannot approve anything in rpmfusion.
- We already have a list of endorsed 3-rd party repos [4].
To handle this, my simple proposal is that we handles packaged yum
repositories like this:
- It's ok to package yum repositories listed in [4].
- If anyone wants to change the list in [4] this should be announced
here on rpmfusion-devel, and not done until we agree on it (similar to
how we handle bundling exceptions).
Thoughts. out there?
All in all, I am not OK with rpmfusion shipping other party's repos, because
such repos are out of Fedora's/Rpmfusion's control/influence.
They open up an arbitrary amount of opportunities for these 3rd parties to
break, corrupt and damage Fedora installations (Package conflicts, low quality
packages, malware, spyware, intruded/dead/broken 3rd party servers, etc),
without Fedora/RPMfusion being able to do anything against it.
In other words, I'd recommend not doing so, because you guys are likely to be facing very
tough times in cases something goes wrong with these "endorsed 3rd party repos".
+1
Regards,
Hans
