But you're always going to see things like this when a company is involved in creating the product. I think if you want full open-source support for respins (not license compliance - everyone should comply with licenses - but real support and making it easy), you have to start with a non - company distro. Probably Debian Stable or the like...
-- James Pulver CLASSE Computer Group Cornell University -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dag Wieers Sent: Wednesday, September 03, 2014 2:57 PM To: R P Herrold Cc: Nico Kadel-Garcia; [email protected] Subject: Re: Questions about SL 7.0 On Wed, 3 Sep 2014, R P Herrold wrote: > On Wed, 3 Sep 2014, Nico Kadel-Garcia wrote: > >> It's quite galling: the current semi-manual re-assembly of local >> branches, based on "git log" entries, is winding up lauded as >> sufficient and superior because, frankly, it's the only thing that's >> currently supported. > > Nico > > I get it -- you are unhappy about unsigned SRPMS. I am located in the > US and so readily subject of the reach the upstream as a target for > litigation on perceived EULA / terms of use / etc violations. I won't > be exposing such a tool publicly, but then ... > > If you (seemingly offshore from the upstream) really cannot afford the > funds for a subscription, and will do the coding of a mrepo / > satellite / whatever proxy to retrieve the signed sources, please ... > pass the hat, buy a subscription, and just sit down and write the > code. It would seem (but you should satisfy yourself) that your > downside risk is that they will turn off such a subscription > > But is is not productive (for you) to carp over and over without > taking steps to address your concern, nor (for others) reading mailing > lists to wade through 're-runs' of your concern So the solution is anonymous donations of signed SRPMS in an automated fashion ? Has Open Source come to this ? And to what end ? Nico has a good point, and the only course of action is to make this absurd situation clear to the public. The only other two options are: paying and voiding you Red Hat contract or trusting Centos/infra/tooling. If all this is done only to make RHEL and CentOS more compelling offerings (than Oracle Linux, Scientific Linux, ...), it does leave a bad taste :-/ -- Dag
