-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-10-13 13:22, Marek Marczykowski-Górecki wrote:
> On Thu, Oct 13, 2016 at 11:30:39AM -0700, Andrew David Wong wrote:
>> On 2016-10-13 10:19, Marek Marczykowski-Górecki wrote:
>>> On Thu, Oct 13, 2016 at 02:21:24PM +0000, Manuel Amador (Rudd-O) wrote:
>>>> On 10/12/2016 10:16 PM, Marek Marczykowski-Górecki wrote:
>>>>> Hi,
>>>>>
>>>>> [...packagin 3rd party software...]
>>>>> Any thoughts?
>>>
>>>> I think it depends on whether the 3rd party software is meant to be
>>>> upstreamed into Qubes OS.
>>>
>>>> For example, in the case of my tools, I would like them to be
>>>> upstreamed, therefore the ideal thing to do would be to incorporate them
>>>> into the QubesOS Github org, and then add them as extra sources in the
>>>> builder.  That requires, of course, that Qubes OS the project provide a
>>>> proper process for vetting for upstreaming, and upstreaming vetted
>>>> software.  Ultimately the Qubes OS devs end up controlling that
>>>> software, and the future contribution process is simply based on pull
>>>> requests.
>>>
>>> This is generally a good idea, but I'm afraid some social effect: this
>>> may look like taking the software away from the original author, taking
>>> the credit for it. But on the other hand, the repository still will have
>>> commit history, and "forked from ..." reference.
>>>
>>> Andrew, any though on this aspect?
>>>
> 
>> We certainly should aim for a solution that allows authors to retain
>> ownership of and control over their own software, as well as
>> receive credit and recognition for it, if only because this is likely
>> to promote more contributions from individuals who care (quite
>> reasonably, IMHO) about those things.
> 
>> In options 1-4, the software ends up in a Qubes-owned repo no matter
>> what, right? It's just a matter of whether it's the official QubesOS
>> repo or a new repo we create specifically for that purpose.
> 
> Not necessary - option 3 is about keeping only build scripts (.spec,
> etc) in our repository, but pull the actual source from upstream. 

Ok, I see.

> I'm somehow reluctant for creating a single multi-package repository,
> mostly because qubes-builder (currently) does not support building a
> single package from such repo. So updating a single package means
> rebuilding all of them. But should be easy to fix - for example keep
> packages in separate directories (which is good idea anyway) and only
> point qubes-builder at those subdirectories.
> 

Yes, this seems like unnecessary overhead (compared to option 4).

>> If we want to allow authors to retain control (on GitHub) of their
>> own software (and not any other contributor's software), then it seems
>> like the only option is to allow each author to host their own
>> software under their own account (or an account they control).
> 
>> What if we just fork those repos (either into the official QubesOS
>> account or into a separate one created for this purpose), then
>> update the forks based on changes to the author-owned original
>> repos (only accepting author-signed commits and/or tags, of course,
>> and perhaps after a review process)? Isn't that essentially what
>> we're already doing with i3[1], awesome[2], and yubikey[3]?
>> (Awesome yubikey are forked from repos owned by woju
>> and you, so maybe those don't really count.)
> 
> Yes, this is the other option. The question here is: where should those
> forks be (current github org or a new one) and how should be named
> (original name, or some forced naming scheme like qubes-app-*)?
> 

I think it's fine to choose option 4 here, in line with your preference.
Since it would be a dedicated GitHub organization, we could simply
preserve the upstream names. Or, if there are organizational benefits
to prefixing (e.g., to sort them into groups or categories), then
adopt some prefixing scheme. It probably wouldn't be beneficial to
prefix them all the same way (e.g., qubes-app-*). (Maybe the GitHub
organization itself should be called Qubes-apps or QubesOS-apps?)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX//pjAAoJENtN07w5UDAwlD0QAK8FgXEuUWHe/WQ+keD9ORjh
gyRBNf3G5Vf96tRAKCFWvFf1z4DLB2Rhmq8e6RtZBB9venvt0cirdzxKgOyCqGqH
4nvVTln96KJd774zhbfNQYMDLrhpT04kWvLy96FXUFj2auPcwuYpoV5riFH6DJxa
aEsP9mujYL4ERH/YVazoGONWxRph0oXGVLkzx9vwDksd1zTNWPaoYVMtIMKlRr23
/BXIh0F6eD6fDI1vj7JKgxYjpEwJku8U9x0Bf5d5dBepUIFo8tT2PB59KoZidGBi
cCXDCToXRGtmtPnFt8MjxvJJohL8qQM5V8zch4FsmWYSe2QydWD38MGsXdtk52xr
qkjLQxgevt3+LojgedhS+Hgku3aH9Cbpqh3iNSwCo7T+lOw7GNWjyCdRh/HDVAsw
eMtnSFQUGo+PJ/7h4L2rYT0KNOrWU9x2LfFwjQXFbdW44LmhHlGmEZaAhH94FR/7
uVEjRBm0NVOT+3DRw/GqtiFM95VMhPo4cVRviTFlb87rd7l7+NCKVykBpE411VLo
XFvBCD/7M7QFzqdIZfZQ+Txx/3oCY7ui5mzxbtfUrkwECowL1rdOLRL/5K7iTFF2
MxwsX7t9HjUYW9xBSftwJEW9FtbjB3yxOyiPhbwmEqnUiZ/EnOs0aslcIqEC4PCF
ugil9BorDiU8PXJBz3Ma
=sxMC
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/7034cda2-1772-6d7f-2b77-e75d51faadd0%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to