On Fri, 2015-02-27 at 18:32 +0100, Michael Schwendt wrote:
> On Tue, 17 Feb 2015 18:13:23 +0100, Ralf Corsepius wrote:
>
> > On 02/17/2015 05:59 PM, Matthew Miller wrote:
> > > On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
> > > > > Why not to create a new repository with reduced
On Fri, Feb 27, 2015 at 12:32 PM, Michael Schwendt wrote:
> On Tue, 17 Feb 2015 18:13:23 +0100, Ralf Corsepius wrote:
>
>> On 02/17/2015 05:59 PM, Matthew Miller wrote:
>> > On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
>> >>> Why not to create a new repository with reduced polic
On Tue, 17 Feb 2015 18:13:23 +0100, Ralf Corsepius wrote:
> On 02/17/2015 05:59 PM, Matthew Miller wrote:
> > On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
> >>> Why not to create a new repository with reduced policy as
> >>> Stephen proposed with the one-way dependency rule (bet
On Sat, Feb 21, 2015 at 04:33:41AM +0100, Lars Seipel wrote:
> > Any new package that is *not* going to be part of the install media set
> > is required to pass a lighter review and is permitted to carry bundled
> > libraries, with caveats to be listed below.
> What would be the place for higher-qu
On Thu, Feb 12, 2015 at 01:32:04PM -0500, Stephen Gallagher wrote:
> === Core Packages ===
> Any package that is provided on a release-blocking medium (which at
> present includes Fedora Atomic, Fedora Cloud, Fedora Server, Fedora
> Workstation, the KDE Spin and several ARM images) must comply exac
On Tue, Feb 17, 2015 at 06:13:23PM +0100, Ralf Corsepius wrote:
> >Core vs. Extras.) But no one is proposing a _society_-based distinction
> >— instead, a _technical_ one.
>
> I know and understand this, but I expect the outcome to be the same:
>
> Ring 0 == Red Hat
> Ring 1 == The Red Hat busine
On 2015-02-18, Vít Ondruch wrote:
> On 18.2.2015 at 12:52, Rahul Sundaram wrote:
>>
>> What is wrong with using Copr for the "ring packages". It already
>> works
>> just fine (may be BZ is missing). There are no reviews, no guidelines,
>> you can bundle ... I believe that ev
On Wed, Feb 18, 2015 at 08:58:34AM -0500, Stephen Gallagher wrote:
> On Mon, 2015-02-16 at 17:03 +0100, Kevin Kofler wrote:
> > So, for my counterproposal:
> > I propose that packagers with a sufficient level of trust (packager
> > sponsors, provenpackagers, or a new, yet-to-be-defined group (mayb
On Mon, 2015-02-16 at 17:03 +0100, Kevin Kofler wrote:
> So, for my counterproposal:
> I propose that packagers with a sufficient level of trust (packager
> sponsors, provenpackagers, or a new, yet-to-be-defined group (maybe
> packagers with at least N packages)) be allowed to import new packa
On 18.2.2015 at 12:52, Rahul Sundaram wrote:
>
> Hi
>
>
>
> What is wrong with using Copr for the "ring packages". It already
> works
> just fine (may be BZ is missing). There are no reviews, no guidelines,
> you can bundle ... I believe that everybody understands that wh
Hi
>
> What is wrong with using Copr for the "ring packages". It already works
> just fine (may be BZ is missing). There are no reviews, no guidelines,
> you can bundle ... I believe that everybody understands that while Copr
> is supported by Fedora, you are using these packages on your own risk
On 17.2.2015 at 17:18, Petr Pisar wrote:
> On 2015-02-17, Josh Boyer wrote:
>> On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher
>> wrote:
>>> == Proposal ==
>>> With these things in mind, I'd like to propose that we amend the
>>> packaging policy by splitting it into two forms:
>> I think th
On Tue, Feb 17, 2015 at 08:05:30PM +0100, Reindl Harald wrote:
>
> On 17.02.2015 at 17:54, Mathieu Bridon wrote:
> >On Tuesday, 17 February 2015 at 17:39 +0100, Ralf Corsepius wrote:
> >>On 02/17/2015 05:18 PM, Petr Pisar wrote:
> >>
> >>>Why not to create a new repository with reduced policy as
>
On 17.02.2015 at 17:54, Mathieu Bridon wrote:
On Tuesday, 17 February 2015 at 17:39 +0100, Ralf Corsepius wrote:
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the
On 02/17/2015 05:59 PM, Matthew Miller wrote:
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?
Because t
> >
> > Also RH and other distros history repeatedly has told the lesson
> > such will not fly and are doomed to fail.
>
> It seems to have been working just fine in RPMFusion, where the free
> and nonfree repositories have different standards for inclusion, and
> where packages in nonfree can depe
On Wed, Feb 18, 2015 at 12:54:24AM +0800, Mathieu Bridon wrote:
> On Tuesday, 17 February 2015 at 17:39 +0100, Ralf Corsepius wrote:
> > On 02/17/2015 05:18 PM, Petr Pisar wrote:
> >
> > > Why not to create a new repository with reduced policy as
> > > Stephen proposed with the one-way dependency ru
On 02/17/2015 05:54 PM, Mathieu Bridon wrote:
On Tuesday, 17 February 2015 at 17:39 +0100, Ralf Corsepius wrote:
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the n
On Tue, Feb 17, 2015 at 05:39:48PM +0100, Ralf Corsepius wrote:
> >Why not to create a new repository with reduced policy as
> >Stephen proposed with the one-way dependency rule (between current
> >Fedora and the new easy-for-beginners repository)?
> Because this would establish a 2-class society,
On Tuesday, 17 February 2015 at 17:39 +0100, Ralf Corsepius wrote:
> On 02/17/2015 05:18 PM, Petr Pisar wrote:
>
> > Why not to create a new repository with reduced policy as
> > Stephen proposed with the one-way dependency rule (between current
> > Fedora and the new easy-for-beginners repository)
On 02/17/2015 05:18 PM, Petr Pisar wrote:
Why not to create a new repository with reduced policy as
Stephen proposed with the one-way dependency rule (between current
Fedora and the new easy-for-beginners repository)?
Because this would establish a 2-class society, with double standards
stand
On 2015-02-17, Josh Boyer wrote:
> On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher
> wrote:
>> == Proposal ==
>> With these things in mind, I'd like to propose that we amend the
>> packaging policy by splitting it into two forms:
>
> I think this needs to go beyond simple policy. It needs som
On Thu, Feb 12, 2015 at 1:32 PM, Stephen Gallagher wrote:
> == Proposal ==
> With these things in mind, I'd like to propose that we amend the
> packaging policy by splitting it into two forms:
I think this needs to go beyond simple policy. It needs some
buildsystem enforcement as well.
> === Co
On Mon, 16 Feb 2015 17:03:51 +0100, Kevin Kofler wrote:
> So, for my counterproposal:
> I propose that packagers with a sufficient level of trust (packager
> sponsors, provenpackagers, or a new, yet-to-be-defined group (maybe
> packagers with at least N packages)) be allowed to import new packag
Stephen Gallagher wrote:
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
TL;DR: No, at least not in the form you propose (allowing bundled
libraries). See also my counterproposal below (voiced already in the oral
d
On Thu, Feb 12, 2015 at 7:32 PM, Stephen Gallagher wrote:
> (Logistical note: please keep all replies to this thread on
> devel@lists.fedoraproject.org)
> [...]
> === Core Packages ===
> Any package that is provided on a release-blocking medium (which at
> present includes Fedora Atomic, Fedora Cl
On Sun, 15 Feb 2015 13:32:57 -0600
Jason L Tibbitts III wrote:
> > "KF" == Kevin Fenzi writes:
...snip...
> KF> Additionally, FPC folks have done a great job recently (mostly due
> KF> to Tibbs hard work) in catching up with their backlog. Bundling
> KF> requests I would think would be muc
> "KF" == Kevin Fenzi writes:
KF> I know in the past the FPC has talked about relaxing the bundling
KF> guidelines, perhaps we could get some of them to weigh in here?
Yeah, we had a big discussion about that a while back, where we sort of
agreed on a basic change of philosophy regarding som
On 02/13/2015 08:20 PM, Florian Weimer wrote:
I have some people express the notation that they can always switch to
the system library version in case a security vulnerability comes out,
but I doubt that this works in practice (because then there wouldn't
be a reason for bundling).
It sometim
On 14/02/15 01:45, Ken Dreyer wrote:
Here's the new policy that I would vote for:
1) We allow bundled libraries, and each bundled library MUST have a
virtual Provides: bundled(foo) in the RPM spec. (The packager SHOULD
provide a version number too, with the admission that it is sometime
On 02/13/2015 08:14 PM, Florian Weimer wrote:
On 02/12/2015 07:32 PM, Stephen Gallagher wrote:
Second, I will call attention to the fact that different Fedora
users have very different needs from the software. For example,
those running Fedora Server and Fedora Cloud are likely far more
concerne
On Fri, 13 Feb 2015 17:45:23 -0700, Ken Dreyer wrote:
> > On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
> >> Ultimately, it's about one thing: Help get more software into Fedora
> >> without scaring people away.
> >
> > What is the background for this? Who has been scared away?
>
>
On Fri, Feb 13, 2015 at 6:06 AM, Michael Schwendt wrote:
> On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
>> Ultimately, it's about one thing: Help get more software into Fedora
>> without scaring people away.
>
> What is the background for this? Who has been scared away?
Here's one
On 13 February 2015 at 09:05, Ralf Corsepius wrote:
> On 02/13/2015 04:51 PM, Matthew Miller wrote:
>
>> On Fri, Feb 13, 2015 at 04:43:53PM +0100, Ralf Corsepius wrote:
>>
>>> words, I think it might be reasonable to have bundling in the outer
rings be a blacklist rather than a whitelist, so
On Fri, 13 Feb 2015 16:40:25 +, Ian Malone wrote:
> >->
> > https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
> >
> > Submitting a new package is just _one_ of multiple ways to find a sponsor,
> > since it is an opportunity to demonstrate that you know packaging.
On 02/13/2015 04:13 PM, Stephen Gallagher wrote:
> I'd like to point out something that I think you missed in my
> initial email. I'm not saying that anything should be allowed to
> bundle software transparently. The primary problem we faced back in
> '99 was that *we didn't know what was bundling
On 02/12/2015 07:32 PM, Stephen Gallagher wrote:
> Second, I will call attention to the fact that different Fedora
> users have very different needs from the software. For example,
> those running Fedora Server and Fedora Cloud are likely far more
> concerned with Fedora as a *deployment* platform
On Thu, 12 Feb 2015 13:32:04 -0500
Stephen Gallagher wrote:
> (Logistical note: please keep all replies to this thread on
> devel@lists.fedoraproject.org)
>
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
IMHO, no
Hi
On Fri, Feb 13, 2015 at 11:40 AM, Ian Malone wrote:
> Thanks. I think when I'd looked at it I'd discounted the review and
> comment on others' submissions process as it would seem to require you
> to have a better idea of what you're doing than the person submitting
> the package, and potentia
On 13 February 2015 at 15:35, Michael Schwendt wrote:
> On Fri, 13 Feb 2015 14:00:07 +, Ian Malone wrote:
>
>> Actually, a question I have about this is how it will impact people
>> trying to become maintainers. When I last checked (it may have
>> changed) the only way to do that was to create
On 02/13/2015 04:51 PM, Matthew Miller wrote:
On Fri, Feb 13, 2015 at 04:43:53PM +0100, Ralf Corsepius wrote:
words, I think it might be reasonable to have bundling in the outer
rings be a blacklist rather than a whitelist, so long as we can always
find out with a simple repoquery what contains
On Fri, Feb 13, 2015 at 04:43:53PM +0100, Ralf Corsepius wrote:
> >words, I think it might be reasonable to have bundling in the outer
> >rings be a blacklist rather than a whitelist, so long as we can always
> >find out with a simple repoquery what contains a package.
> To me, this idea is not hel
On 02/13/2015 04:13 PM, Stephen Gallagher wrote:
On Fri, 2015-02-13 at 13:54 +0100, Ralf Corsepius wrote:
On 02/13/2015 10:56 AM, Petr Spacek wrote:
Meanwhile, we've had much more critical vulnerabilities in widely used
libs (Remember heartbleed), which all have been quite easy to fix
packa
On Fri, 13 Feb 2015 14:00:07 +, Ian Malone wrote:
> Actually, a question I have about this is how it will impact people
> trying to become maintainers. When I last checked (it may have
> changed) the only way to do that was to create a new package.
That isn't the only way to become a packager
Stephen Gallagher wrote:
> (Logistical note: please keep all replies to this thread on
> devel@lists.fedoraproject.org)
>
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
I would welcome our new ring-based overlords
On Fri, 2015-02-13 at 13:54 +0100, Ralf Corsepius wrote:
> On 02/13/2015 10:56 AM, Petr Spacek wrote:
>
> > Modified version of Zbyszek's idea with time constraints follows:
> >
> > 1) Accept the new package into Fedora N even with bundled libraries.
>
> I am inclined to be Fedora needs to enc
On 13 February 2015 at 13:06, Michael Schwendt wrote:
> On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
>
>> On Thu, 2015-02-12 at 20:18 +0100, Alec Leamas wrote:
>> > On 12/02/15 19:32, Stephen Gallagher wrote:
>> > > (Logistical note: please keep all replies to this thread on
>> > >
On Fri, 13 Feb 2015 13:54:59 +0100, Ralf Corsepius wrote:
> Meanwhile, we've had much more critical vulnerabilities in widely used
> libs (Remember heartbleed), which all have been quite easy to fix
> packaging-wise. IMO, to a great portion, thanks to having mostly banned
> static linkage and bu
On Thu, 12 Feb 2015 16:49:13 -0500, Stephen Gallagher wrote:
> On Thu, 2015-02-12 at 20:18 +0100, Alec Leamas wrote:
> > On 12/02/15 19:32, Stephen Gallagher wrote:
> > > (Logistical note: please keep all replies to this thread on
> > > devel@lists.fedoraproject.org)
> > >
> > > tl;dr Shall we con
On 02/13/2015 10:56 AM, Petr Spacek wrote:
Modified version of Zbyszek's idea with time constraints follows:
1) Accept the new package into Fedora N even with bundled libraries.
I am inclined to be Fedora needs to encounter a serious vulnerability
originating from bundling, such that you guy
* Paul Howarth [12/02/2015 20:05] :
>
> We generally have requires for most optional functionality in Perl
> packages at the moment, to avoid bugs being raised about missing
> dependencies when people try to use that optional functionality.
Based on past emails, I suspect that Colin wishes nothing
On 13.2.2015 02:11, Zbigniew Jędrzejewski-Szmek wrote:
> On Thu, Feb 12, 2015 at 01:32:04PM -0500, Stephen Gallagher wrote:
>> (Logistical note: please keep all replies to this thread on
>> devel@lists.fedoraproject.org)
>>
>> tl;dr Shall we consider requiring a lesser package review for packages
>
On Fri Feb 13 2015 at 2:02:27 AM Colin Walters wrote:
> On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
>
> > tl;dr Shall we consider requiring a lesser package review for packages
> > that are not present on Product or Spin install media?
>
> It's worth noting here that having two le
On 2015-02-12, Paul Howarth wrote:
> We generally have requires for most optional functionality in Perl
> packages at the moment, to avoid bugs being raised about missing
> dependencies when people try to use that optional functionality.
>
> If there was consensus about use of soft dependencies, t
On 02/12/2015 07:32 PM, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time
Hi,
On 12-02-15 19:32, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time
On Thu, Feb 12, 2015 at 01:32:04PM -0500, Stephen Gallagher wrote:
> (Logistical note: please keep all replies to this thread on
> devel@lists.fedoraproject.org)
>
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
Desp
Stephen Gallagher wrote:
>* The package *MAY* contain bundled libraries or other projects, but if
>it does so, it *MUST* contain a "Provides: bundled(pkg) = version" for
>each such bundling. This is done so that we can use the meta-data to
>identify which packages may be vulnerable in the event of
On Thu, 2015-02-12 at 20:18 +0100, Alec Leamas wrote:
> On 12/02/15 19:32, Stephen Gallagher wrote:
> > (Logistical note: please keep all replies to this thread on
> > devel@lists.fedoraproject.org)
> >
> > tl;dr Shall we consider requiring a lesser package review for packages
> > that are not p
On Thu, 12 Feb 2015 14:01:43 -0500
Colin Walters wrote:
> On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
>
> > tl;dr Shall we consider requiring a lesser package review for
> > packages that are not present on Product or Spin install media?
>
> It's worth noting here that having tw
On 12/02/15 19:32, Stephen Gallagher wrote:
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
Thanks for bringing this up. We
On Thu, 2015-02-12 at 14:01 -0500, Colin Walters wrote:
> On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
>
> > tl;dr Shall we consider requiring a lesser package review for packages
> > that are not present on Product or Spin install media?
>
> It's worth noting here that having t
On Thu, Feb 12, 2015, at 01:32 PM, Stephen Gallagher wrote:
> tl;dr Shall we consider requiring a lesser package review for packages
> that are not present on Product or Spin install media?
It's worth noting here that having two levels is not really going
to be new to the ecosystem; e.g. Ubuntu h
(Logistical note: please keep all replies to this thread on
devel@lists.fedoraproject.org)
tl;dr Shall we consider requiring a lesser package review for packages
that are not present on Product or Spin install media?
== Premise ==
So, some time ago, we started talking about dividing up the Fedor