On Wed, May 31, 2023 at 07:32:09PM +0200, Vitaly Zaitsev via devel wrote:
> On 31/05/2023 19:24, Daniel P. Berrangé wrote:
> > Can you point to the specific guideline that this violates ?  I know we've
> > always expected that apps are built from pristine upstream source, but I'm
> > not finding the specific guideline that describes this right now.
> 
> This:
> 
> > All program binaries and program libraries included in Fedora packages
> > must be built from the source code that is included in the source
> > package.
> 
> Source:
> 
> https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/#prebuilt-binaries-or-libraries

So the important thing there is the justification for why this policy
exists:

[quote]
This is a requirement for the following reasons:

    Security: Pre-packaged program binaries and program libraries not built 
from the source code could contain parts that are malicious, dangerous, or just 
broken. Also, these are functionally impossible to patch.

    Compiler Flags: Pre-packaged program binaries and program libraries not 
built from the source code were probably not compiled with standard Fedora 
compiler flags for security and optimization.
[/quote]

The proposal still satisfies the "Security" reasons. It also still
satisfies the "Compiler Flags" reason, albeit by using flags from an
earlier Fedora release. In any case, packages can already opt-out of
Fedora compiler flags at any time they wish.

Overall I'd say the JDK proposal still meets the spirit of the stated
guidelines and would be reasonable for FPC to approve as an exception.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|