On 02/03/2014 10:52 AM, Hans de Goede wrote:
Hi,
On 02/03/2014 02:14 AM, Ralf Corsepius wrote:
[2nd attempt to answer to this. My initial response from quite a while
age seems to have gone lost.]
On 01/29/2014 12:12 PM, Alec Leamas wrote:
Formally, this is about review request 3152 for dropbox-repo [1]. From
a more practical POV, it's about users being able to install software
like dropbox more or less "out of the box", an area where I think we
really need to improve (as can be seen in all those "Fedora XX post
installation guide" out there).
My basic understanding is that current Fedora guidelines needs a
interpretation in the rpmfusion context. Those brand new GL for 3-rd
party repos are in [2] (discussions in [3]). For now, I think they can
be abridged to:
- Non-free repos can not be part of Fedora yum configuration.
- In some cases free repos can be part of the configuration after
FESCO/Fedora legal approval.
Now, IMHO this doesn't really make much sense for rpmfusion for three
reasons:
- rpmfusion does not ban non-free software, it's one of the very
reasons it exists.
- FESCO/Fedora legal cannot approve anything in rpmfusion.
- We already have a list of endorsed 3-rd party repos [4].
To handle this, my simple proposal is that we handles packaged yum
repositories like this:
- It's ok to package yum repositories listed in [4].
- If anyone wants to change the list in [4] this should be announced
here on rpmfusion-devel, and not done until we agree on it (similar to
how we handle bundling exceptions).
Thoughts. out there?
All in all, I am not OK with rpmfusion shipping other party's repos,
because such repos are out of Fedora's/Rpmfusion's control/influence.
They open up an arbitrary amount of opportunities for these 3rd
parties to break, corrupt and damage Fedora installations (Package
conflicts, low quality packages, malware, spyware,
intruded/dead/broken 3rd party servers, etc), without Fedora/RPMfusion
being able to do anything against it.
In other words, I'd recommend not doing so, because you guys are
likely to be facing very tough times in cases something goes wrong
with these "endorsed 3rd party repos".
+1
Regards,
Hans
I'm in agreement with Ralf too.
imho, one of the biggest "selling point" for repositories like RPM
Fusion is the insurance the Fedora packaging guidelines are enforced and
thus the packages will integrate properly with the remaining of the
ecosystem. Some other repositories, including some that are proposed for
integration in RPM Fusion, are well known for theit low quality
packaging, hence the need for smart tricks like lpf. I think this bears
a high risk to backfire on unsuspecting users, and from my
understanding, providing more lpf packages is probably a better
solution, even if the maintenance cost is indeed higher.
Regards,
Xavier
