On 04/17/2015 05:21 AM, Nico Kadel-Garcia wrote:
On Mon, Apr 13, 2015 at 2:15 AM, Ralf Corsepius <rc040...@freenet.de> wrote:
On 04/12/2015 09:01 PM, Elder Marco wrote:
Hello,
Since version 2.x.x. plowshare is not shipped with modules anymore.
There are two repositories. The main repository [1], with the core
package, and a new repository, with the modules [2].
I have never used plowshare nor do I know what it is used for.
Due the massive change of hosters, the modules are always beeing
updated, and a little tool "plowmod" deal with modules updates. This
tool can install and update the modules locally, which is much better
than to provide the modules inside the package.
So, upstream recommends to deal with "plowshare" core only, which it is
quite stable. And I agree.
So, the question is: Am I violating Fedora Packaging Guidelines if I do
not provide the modules into fedora repositories?
Letting applications install something into system-wide directories outside
of rpm is not allowed in Fedora.
Note that is's not preventable: Python, CPAN, and rubygems all have
strong support for this,
We have a Fedora packaging rule which disallows all system-wide
installations outside of rpm's control.
The reasons for this conventions are
* system-consistency
* system-security
* testing
The only gap left open is installing into user private directories.
But I don't think the FPG formally disallows installing arbitrary
executables from arbitrary sites into private user directories as part of
applications.
And I'm very grateful for the very nice people who sort out the
dependencies and build up SRPM's rather than saying "dude!!! just run
CPAN".
I consider people, who run CPAN to be not knowing what they are doing.
The are shooting themselves into their own foot.
Wrt. perl, CPAN vs. rpm installation issues and users having broken CPAN
modules in their system is a common cause for people facing perl issue.
plowmod seems to be more like SpamAssassin: it can be RPM packaged,
but its out of date *really fast* and it's very difficult to keep the
modules packaged.
Well, I can understand why its convenient to users, but these users
probably will only comprehend that such practices are wide open doors to
all kind of malicious people and technical issues, when they will be
personally affected.
To cut a long story short: One of the reasons for Linux being considered
safer than other OSes is being very reluctant against "per-user installs".
Ralf
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
