On Tue, 17 Feb 2015 18:13:23 +0100, Ralf Corsepius wrote:
On 02/17/2015 05:59 PM, Matthew Miller wrote:
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between
On Fri, Feb 27, 2015 at 12:32 PM, Michael Schwendt mschwe...@gmail.com wrote:
On Tue, 17 Feb 2015 18:13:23 +0100, Ralf Corsepius wrote:
On 02/17/2015 05:59 PM, Matthew Miller wrote:
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
Why not to create a new repository with
On Fri, 2015-02-27 at 18:32 +0100, Michael Schwendt wrote:
On Tue, 17 Feb 2015 18:13:23 +0100, Ralf Corsepius wrote:
On 02/17/2015 05:59 PM, Matthew Miller wrote:
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
Why not to create a new repository with reduced policy as
On Sat, Feb 21, 2015 at 04:33:41AM +0100, Lars Seipel wrote:
Any new package that is *not* going to be part of the install media set
is required to pass a lighter review and is permitted to carry bundled
libraries, with caveats to be listed below.
What would be the place for higher-quality
On Thu, Feb 12, 2015 at 01:32:04PM -0500, Stephen Gallagher wrote:
=== Core Packages ===
Any package that is provided on a release-blocking medium (which at
present includes Fedora Atomic, Fedora Cloud, Fedora Server, Fedora
Workstation, the KDE Spin and several ARM images) must comply exactly
Dne 17.2.2015 v 17:18 Petr Pisar napsal(a):
On 2015-02-17, Josh Boyer jwbo...@fedoraproject.org wrote:
On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher
sgall...@redhat.com wrote:
== Proposal ==
With these things in mind, I'd like to propose that we amend the
packaging policy by splitting
On Tue, Feb 17, 2015 at 06:13:23PM +0100, Ralf Corsepius wrote:
Core vs. Extras.) But no one is proposing a _society_-based distinction
— instead, a _technical_ one.
I know and understand this, but I expect the outcome to be the same:
Ring 0 == Red Hat
Ring 1 == The Red Hat
Dne 18.2.2015 v 12:52 Rahul Sundaram napsal(a):
Hi
What is wrong with using Copr for the ring packages. It already
works
just fine (may be BZ is missing). There are no reviews, no guidelines,
you can bundle ... I believe that everybody understands that while
Hi
What is wrong with using Copr for the ring packages. It already works
just fine (may be BZ is missing). There are no reviews, no guidelines,
you can bundle ... I believe that everybody understands that while Copr
is supported by Fedora, you are using these packages on your own risk. I
On Wed, Feb 18, 2015 at 08:58:34AM -0500, Stephen Gallagher wrote:
On Mon, 2015-02-16 at 17:03 +0100, Kevin Kofler wrote:
So, for my counterproposal:
I propose that packagers with a sufficient level of trust (packager
sponsors, provenpackagers, or a new, yet-to-be-defined group (maybe
On 2015-02-18, Vít Ondruch vondr...@redhat.com wrote:
Dne 18.2.2015 v 12:52 Rahul Sundaram napsal(a):
What is wrong with using Copr for the ring packages. It already
works
just fine (may be BZ is missing). There are no reviews, no guidelin=
es,
you can bundle ... I believe
On Mon, 2015-02-16 at 17:03 +0100, Kevin Kofler wrote:
So, for my counterproposal:
I propose that packagers with a sufficient level of trust (packager
sponsors, provenpackagers, or a new, yet-to-be-defined group (maybe
packagers with at least N packages)) be allowed to import new packages
On 2015-02-17, Josh Boyer jwbo...@fedoraproject.org wrote:
On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher
sgall...@redhat.com wrote:
== Proposal ==
With these things in mind, I'd like to propose that we amend the
packaging policy by splitting it into two forms:
I think this needs to go
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?
Because this would establish a 2-class society, with
On Wed, Feb 18, 2015 at 12:54:24AM +0800, Mathieu Bridon wrote:
Le mardi 17 février 2015 à 17:39 +0100, Ralf Corsepius a écrit :
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule
Also RH and other distros history repeatedly has told the lesson
such will not fly and are doomed to fail.
It seems to have been working just fine in RPMFusion, where the free
and nonfree repositories have different standards for inclusion, and
where packages in nonfree can depend on
Le mardi 17 février 2015 à 17:39 +0100, Ralf Corsepius a écrit :
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?
On 02/17/2015 05:54 PM, Mathieu Bridon wrote:
Le mardi 17 février 2015 à 17:39 +0100, Ralf Corsepius a écrit :
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?
Because this would establish a 2-class society, with double standards
On 02/17/2015 05:59 PM, Matthew Miller wrote:
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?
Because
On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher sgall...@redhat.com wrote:
== Proposal ==
With these things in mind, I'd like to propose that we amend the
packaging policy by splitting it into two forms:
I think this needs to go beyond simple policy. It needs some
buildsystem enforcement
Am 17.02.2015 um 17:54 schrieb Mathieu Bridon:
Le mardi 17 février 2015 à 17:39 +0100, Ralf Corsepius a écrit :
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and
On Tue, Feb 17, 2015 at 08:05:30PM +0100, Reindl Harald wrote:
Am 17.02.2015 um 17:54 schrieb Mathieu Bridon:
Le mardi 17 février 2015 à 17:39 +0100, Ralf Corsepius a écrit :
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen
Stephen Gallagher wrote:
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
TL;DR: No, at least not in the form you propose (allowing bundled
libraries). See also my counterproposal below (voiced already in the oral
On Mon, 16 Feb 2015 17:03:51 +0100, Kevin Kofler wrote:
So, for my counterproposal:
I propose that packagers with a sufficient level of trust (packager
sponsors, provenpackagers, or a new, yet-to-be-defined group (maybe
packagers with at least N packages)) be allowed to import new packages
On Sun, 15 Feb 2015 13:32:57 -0600
Jason L Tibbitts III ti...@math.uh.edu wrote:
KF == Kevin Fenzi ke...@scrye.com writes:
...snip...
KF Additionally, FPC folks have done a great job recently (mostly due
KF to Tibbs hard work) in catching up with their backlog. Bundling
KF requests I would
KF == Kevin Fenzi ke...@scrye.com writes:
KF I know in the past the FPC has talked about relaxing the bundling
KF guidelines, perhaps we could get some of them to weigh in here?
Yeah, we had a big discussion about that a while back, where we sort of
agreed on a basic change of philosophy
On Thu, Feb 12, 2015 at 7:32 PM, Stephen Gallagher sgall...@redhat.com wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
[...]
=== Core Packages ===
Any package that is provided on a release-blocking medium (which at
present includes Fedora
On 02/12/2015 07:32 PM, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time
On Fri Feb 13 2015 at 2:02:27 AM Colin Walters walt...@verbum.org wrote:
On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
It's worth noting here that
* Paul Howarth [12/02/2015 20:05] :
We generally have requires for most optional functionality in Perl
packages at the moment, to avoid bugs being raised about missing
dependencies when people try to use that optional functionality.
Based on past emails, I suspect that Colin wishes nothing in
On Fri, 13 Feb 2015 13:54:59 +0100, Ralf Corsepius wrote:
Meanwhile, we've had much more critical vulnerablities in widely used
libs (Remember heartbleed), which all have been quite easy to fix
packaging-wise. IMO, to a great portion, thanks to having mostly banned
static linkage and
On 13 February 2015 at 13:06, Michael Schwendt mschwe...@gmail.com wrote:
On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
On Thu, 2015-02-12 at 20:18 +0100, Alec Leamas wrote:
On 12/02/15 19:32, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread
On Fri, 2015-02-13 at 13:54 +0100, Ralf Corsepius wrote:
On 02/13/2015 10:56 AM, Petr Spacek wrote:
Modified version of Zbyszek's idea with time constraints follows:
1) Accept the new package into Fedora N even with bundled libraries.
I am inclined to be Fedora needs to encounter a
Hi
On Fri, Feb 13, 2015 at 11:40 AM, Ian Malone wrote:
Thanks. I think when I'd looked at it I'd discounted the review and
comment on others' submissions process as it would seem to require you
to have a better idea of what you're doing than the person submitting
the package, and potentially
On 02/13/2015 04:51 PM, Matthew Miller wrote:
On Fri, Feb 13, 2015 at 04:43:53PM +0100, Ralf Corsepius wrote:
words, I think it might be reasonable to have bundling in the outer
rings be a blacklist rather than a whitelist, so long as we can always
find out with a simple repoquery what contains
On 13 February 2015 at 15:35, Michael Schwendt mschwe...@gmail.com wrote:
On Fri, 13 Feb 2015 14:00:07 +, Ian Malone wrote:
Actually, a question I have about this is how it will impact people
trying to become maintainers. When I last checked (it may have
changed) the only way to do that
On 02/12/2015 07:32 PM, Stephen Gallagher wrote:
Second, I will call attention to the fact that different Fedora
users have very different needs from the software. For example,
those running Fedora Server and Fedora Cloud are likely far more
concerned with Fedora as a *deployment* platform
On 13 February 2015 at 09:05, Ralf Corsepius rc040...@freenet.de wrote:
On 02/13/2015 04:51 PM, Matthew Miller wrote:
On Fri, Feb 13, 2015 at 04:43:53PM +0100, Ralf Corsepius wrote:
words, I think it might be reasonable to have bundling in the outer
rings be a blacklist rather than a
On Fri, Feb 13, 2015 at 6:06 AM, Michael Schwendt mschwe...@gmail.com wrote:
On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
Ultimately, it's about one thing: Help get more software into Fedora
without scaring people away.
What is the background for this? Who has been scared
On Fri, 13 Feb 2015 17:45:23 -0700, Ken Dreyer wrote:
On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
Ultimately, it's about one thing: Help get more software into Fedora
without scaring people away.
What is the background for this? Who has been scared away?
Here's one
On 14/02/15 01:45, Ken Dreyer wrote:
Here's the new policy that I would vote for:
1) We allow bundled libraries, and each bundled library MUST have a
virtual Provides: bundled(foo) in the RPM spec. (The packager SHOULD
provide a version number too, with the admission that it is
On 02/13/2015 08:20 PM, Florian Weimer wrote:
I have some people express the notation that they can always switch to
the system library version in case a security vulnerability comes out,
but I doubt that this works in practice (because then there wouldn't
be a reason for bundling).
It
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time ago, we started talking about dividing up the
On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
It's worth noting here that having two levels is not really going
to be new to the ecosystem; e.g. Ubuntu
On Thu, 2015-02-12 at 14:01 -0500, Colin Walters wrote:
On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
It's worth noting here that having two
On 12/02/15 19:32, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
Thanks for bringing this up. We
On Thu, 12 Feb 2015 14:01:43 -0500
Colin Walters walt...@verbum.org wrote:
On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
tl;dr Shall we consider requiring a lesser package review for
packages that are not present on Product or Spin install media?
It's worth noting here
Stephen Gallagher wrote:
* The package *MAY* contain bundled libraries or other projects, but if
it does so, it *MUST* contain a Provides: bundled(pkg) = version for
each such bundling. This is done so that we can use the meta-data to
identify which packages may be vulnerable in the event of a
On Thu, Feb 12, 2015 at 01:32:04PM -0500, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
Despite
50 matches
Mail list logo