Re: Proposal to reduce anti-bundling requirements

On 10/10/2015 12:12 AM, Kevin Kofler wrote: > Then you try to port the application to the new APIs, and if it's not > possible, you revert the library commit that removed the old API. Well, hold on: you now have the problem of maintaining a local fork. Surely that is more than a package

Re: Proposal to reduce anti-bundling requirements

Ian Malone wrote: > Maybe there's some confusion about the point I was making. I'm > referring to the case where the bundled library has functions that are > no longer present in the fedora version and the application requires > them. And I already answered that point:

Re: Proposal to reduce anti-bundling requirements

Andrew Haley wrote: > On 10/10/2015 12:12 AM, Kevin Kofler wrote: >> Then you try to port the application to the new APIs, and if it's not >> possible, you revert the library commit that removed the old API. > > Well, hold on: you now have the problem of maintaining a local fork. > Surely that

Re: Proposal to reduce anti-bundling requirements

On 12 October 2015 at 16:27, Kevin Kofler wrote: > Ian Malone wrote: >> Maybe there's some confusion about the point I was making. I'm >> referring to the case where the bundled library has functions that are >> no longer present in the fedora version and the application

Re: Proposal to reduce anti-bundling requirements

On 10/12/2015 04:29 PM, Kevin Kofler wrote: > Andrew Haley wrote: > >> On 10/10/2015 12:12 AM, Kevin Kofler wrote: >>> Then you try to port the application to the new APIs, and if it's not >>> possible, you revert the library commit that removed the old API. >> >> Well, hold on: you now have the

Re: Proposal to reduce anti-bundling requirements

Haïkel wrote: > And what happens if the library is consumed by other packages > requiring the new API? Of course you have to support both the new and the old one. > Let's keep Ian example: > You keep the deprecated function in the new library despite upstream's > decision. Since we keep shipping

Re: Proposal to reduce anti-bundling requirements

On 11 October 2015 at 12:43, Kevin Kofler wrote: > Haïkel wrote: >> And what happens if the library is consumed by other packages >> requiring the new API? > > Of course you have to support both the new and the old one. > >> Let's keep Ian example: >> You keep the

Re: Proposal to reduce anti-bundling requirements

2015-10-10 1:12 GMT+02:00 Kevin Kofler : > Ian Malone wrote: >> I'm actually all for unbundling, but going it alone is not guaranteed >> to be simple. "Oh, hey, that deprecated function has been removed." > > Then you try to port the application to the new APIs, and if it's

Re: Proposal to reduce anti-bundling requirements

Am 10.10.2015 um 11:27 schrieb Haïkel: Engineering is not science really? as previously stated, it's about compromises well, that can end in something like "the cleverer give in until he becomes the dumber itself" in german "Der Klügere gibt solange nach bis er selbst der Dümmere ist"

Re: Proposal to reduce anti-bundling requirements

Am 10.10.2015 um 12:46 schrieb Haïkel: 2015-10-10 12:17 GMT+02:00 Reindl Harald : Am 10.10.2015 um 11:27 schrieb Haïkel: Engineering is not science really? as previously stated, it's about compromises well, that can end in something like "the cleverer give in

Re: Proposal to reduce anti-bundling requirements

2015-10-10 12:17 GMT+02:00 Reindl Harald : > > > Am 10.10.2015 um 11:27 schrieb Haïkel: >> >> Engineering is not science > > > really? > >> as previously stated, it's about compromises > > > well, that can end in something like "the cleverer give in until he becomes > the

Re: Proposal to reduce anti-bundling requirements

On 8 October 2015 at 23:58, Kevin Kofler wrote: > Matthew Miller wrote: >> In many cases, this effectively means creating a Fedora-specfic fork of >> the project. > > Only if you call patches to the build system (with little to no changes to > the actual code) a "fork". >

Re: Proposal to reduce anti-bundling requirements

Ian Malone wrote: > I'm actually all for unbundling, but going it alone is not guaranteed > to be simple. "Oh, hey, that deprecated function has been removed." Then you try to port the application to the new APIs, and if it's not possible, you revert the library commit that removed the old API.

Re: Proposal to reduce anti-bundling requirements

On Thu, Oct 08, 2015 at 12:41:36AM +0200, Kevin Kofler wrote: > The current situation with packages stuck in the review queue forever, > exception requests to FPC skyrocketing, etc. is the result of rampant > packager laziness. So, what's your proposed solution here? How do would we make

Re: Proposal to reduce anti-bundling requirements

* Kevin Kofler [08/10/2015 02:33] : > > The thing is, it should NOT matter at all how upstream feels. If we treat > unbundling as something to do with upstream, we already failed. Unbundling > must be done whether upstream likes it or not, even in upstream's spite! And At this point, you're

Re: Proposal to reduce anti-bundling requirements

On 10/08/2015 12:31 AM, Kevin Kofler wrote: Jóhann B. Guðmundsson wrote: >Badges was supposed to be that carrot for the mule's so perhaps there's >just missing new set of badges for this... > >1.https://badges.fedoraproject.org/ Those "badges" are completely useless as a reward As real as

Re: Proposal to reduce anti-bundling requirements

On Thu, Oct 08, 2015 at 02:33:34AM +0200, Kevin Kofler wrote: > > I think this strikes a fair balance between promoting packaging hygiene > > and recognizing that not all upstream communities feel the same way Fedora > > packagers do about bundled libraries. > The thing is, it should NOT matter at

Re: Proposal to reduce anti-bundling requirements

Emmanuel Seyman wrote: > * Kevin Kofler [08/10/2015 02:33] : >> >> The thing is, it should NOT matter at all how upstream feels. If we treat >> unbundling as something to do with upstream, we already failed. >> Unbundling must be done whether upstream likes it or not, even in >> upstream's spite!

Re: Proposal to reduce anti-bundling requirements

Neal Gompa wrote: > ​Not that I don't agree that we should pursue unbundling whenever > possible, but I don't remember any contract or terms that explicitly said > *packagers* do the work of *developers* to re-architect > ​applications/services/etc to do stuff like that. In fact, I thought *the >

Re: Proposal to reduce anti-bundling requirements

Matthew Miller wrote: > In many cases, this effectively means creating a Fedora-specfic fork of > the project. Only if you call patches to the build system (with little to no changes to the actual code) a "fork". > Even if we accept unbundling as goal in itself is a given, there just > aren't

Re: Proposal to reduce anti-bundling requirements

2015-10-09 0:42 GMT+02:00 Kevin Kofler : > Neal Gompa wrote: >> Not that I don't agree that we should pursue unbundling whenever >> possible, but I don't remember any contract or terms that explicitly said >> *packagers* do the work of *developers* to re-architect >>

Re: Proposal to reduce anti-bundling requirements

On Fri, Oct 09, 2015 at 12:58:05AM +0200, Kevin Kofler wrote: > Only if you call patches to the build system (with little to no changes to > the actual code) a "fork". There might be some wording change to "upstreams allow" in the new policy to include this as should-be-unbundled cases —

Re: Proposal to reduce anti-bundling requirements

Matthew Miller wrote: > Find all the bundled libraries in all of Fedora, even with minor > variations in code and version. When there's a vulnerability, > automatically generate patches, bump the RPMs, rebuild test builds, run > them through automated testing (including a new test for whatever >

Re: Proposal to reduce anti-bundling requirements

On 7 October 2015 at 16:09, Kevin Kofler wrote: > Stephen John Smoogen wrote: >> Extra points if we can put this in as an RPM header and you can have a >> plugin which says "I only want N point packages" > > How does that help? It will just mean the user will never get the

Re: Proposal to reduce anti-bundling requirements

On 10/07/2015 11:21 PM, Stephen John Smoogen wrote: On 7 October 2015 at 16:41, Kevin Kofler wrote: >Stephen John Smoogen wrote: >>So the next step after that is that we reward people who lower a >>package's point. Good idea Kevin. > >"Reward" how? > I was thinking

Re: Proposal to reduce anti-bundling requirements

Stephen John Smoogen wrote: > So the next step after that is that we reward people who lower a > package's point. Good idea Kevin. "Reward" how? There shouldn't be any need for special rewards for a packager just doing his/her job, instead, those who don't do it shouldn't be allowed to be

Re: Proposal to reduce anti-bundling requirements

Stephen John Smoogen wrote: > Extra points if we can put this in as an RPM header and you can have a > plugin which says "I only want N point packages" How does that help? It will just mean the user will never get the packages because nobody will bother reducing the "points" if there is no

Re: Proposal to reduce anti-bundling requirements

On 7 October 2015 at 16:41, Kevin Kofler wrote: > Stephen John Smoogen wrote: >> So the next step after that is that we reward people who lower a >> package's point. Good idea Kevin. > > "Reward" how? > I was thinking of cookies, but I expect that some sort of system

Re: Proposal to reduce anti-bundling requirements

Jóhann B. Guðmundsson wrote: > Badges was supposed to be that carrot for the mule's so perhaps there's > just missing new set of badges for this... > > 1.https://badges.fedoraproject.org/ Those "badges" are completely useless as a reward. They're just a nonsensical entry on some website that I

Re: Proposal to reduce anti-bundling requirements

On Wed, Oct 7, 2015 at 8:33 PM, Kevin Kofler wrote: > Jared K. Smith wrote: > > I think this strikes a fair balance between promoting packaging hygiene > > and recognizing that not all upstream communities feel the same way > Fedora > > packagers do about bundled

Re: Proposal to reduce anti-bundling requirements

Jared K. Smith wrote: > I think this strikes a fair balance between promoting packaging hygiene > and recognizing that not all upstream communities feel the same way Fedora > packagers do about bundled libraries. The thing is, it should NOT matter at all how upstream feels. If we treat

Re: Proposal to reduce anti-bundling requirements

On 07/10/15 20:33, Kevin Kofler wrote: Jared K. Smith wrote: I think this strikes a fair balance between promoting packaging hygiene and recognizing that not all upstream communities feel the same way Fedora packagers do about bundled libraries. The thing is, it should NOT matter at all how

Re: Proposal to reduce anti-bundling requirements

Stephen John Smoogen writes: > Because in this networked world > everything becomes security sensitive because a hacker doesn't need to > be root to do a lot of things. My opinion is partly informed by my world being networked, with experience of compromises on and from

Re: Proposal to reduce anti-bundling requirements

On Mon, Oct 5, 2015 at 2:02 PM, Stephen Gallagher wrote: > I'm putting up another pass at the proposal, as there were some > critical typographical errors in the last one that caused confusion > (there were a couple places where I wrote "bundled" and meant > "unbundled" and

Re: Proposal to reduce anti-bundling requirements

On 6 October 2015 at 14:49, Jared K. Smith wrote: > > On Mon, Oct 5, 2015 at 2:02 PM, Stephen Gallagher > wrote: >> >> I'm putting up another pass at the proposal, as there were some >> critical typographical errors in the last one that caused

Re: Proposal to reduce anti-bundling requirements

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/30/2015 08:35 AM, Stephen Gallagher wrote: > Just to circle around here (in case people don't read my reply to > the FESCo meeting agenda), I'm making the following revised > proposal[1] to FESCo which may or may not be discussed at today's >

Re: Proposal to reduce anti-bundling requirements

Björn Persson writes: > Florian Weimer wrote: >> I would really like to see DT_NEEDED-based use cases for >> symbol interposition. > > Well, there is the thread wrapper I wrote for the Ada Milter API to > prevent Libgnat from leaking memory when Libmilter's threads

Re: Proposal to reduce anti-bundling requirements

On 5 October 2015 at 05:09, Dave Love wrote: > Tom Hughes writes: > >> Recently I even saw a case of a header only C++ library bundling >> another C++ head library which raises slightly metaphysical questions >> since dependants of a header only library

Re: Proposal to reduce anti-bundling requirements

Florian Weimer wrote: > I would really like to see DT_NEEDED-based use cases for > symbol interposition. Well, there is the thread wrapper I wrote for the Ada Milter API to prevent Libgnat from leaking memory when Libmilter's threads terminate. I think what it does is this symbol interposition

Re: Proposal to reduce anti-bundling requirements

I don't have the time to read the whole thread right now (and I'm not sure I ever will), but I think this is important, so here are my comments to the original proposal (to which I am totally opposed!): Stephen Gallagher wrote: > Right now, we have a policy that essentially forbids source code

Re: Proposal to reduce anti-bundling requirements

On Sun, Oct 04, 2015 at 03:29:38AM +0200, Kevin Kofler wrote: > > I would like to propose that the no-bundled-libraries policy be > > amended as follows: "Any package that has an existing mechanism to > > link against a shared system library and functions correctly when > > doing so must link

Re: Proposal to reduce anti-bundling requirements

On Fri, Oct 02, 2015 at 02:19:19PM +0200, Ralf Corsepius wrote: >> only for projects where upstream is fully active and cares about the >> security vulnerabilities in the bundled copies of software well. > Correct. That's one of the criteria, FPC is trying to consider when > granting bundling

Re: Proposal to reduce anti-bundling requirements

On 10/02/2015 01:46 PM, Tomas Mraz wrote: On Pá, 2015-10-02 at 13:18 +0200, Vít Ondruch wrote: Dne 30.9.2015 v 16:52 Ralf Corsepius napsal(a): Like I've said many times before, I feel Fedora needs a serious vulnerability in a widespread bundled or static library, such that people finally

Re: Proposal to reduce anti-bundling requirements

On 02/10/15 15:22, Matthew Miller wrote: On Fri, Oct 02, 2015 at 02:19:19PM +0200, Ralf Corsepius wrote: only for projects where upstream is fully active and cares about the security vulnerabilities in the bundled copies of software well. Correct. That's one of the criteria, FPC is trying to

Re: Proposal to reduce anti-bundling requirements

On Fri, Oct 2, 2015 at 9:22 AM, Matthew Miller wrote: > (To be clear, I personally am in favor of also allowing more relaxed > bundling for smaller projects which are on the fringes of the system > integration you discuss. In other words, vastly expanding the "too >

Re: Proposal to reduce anti-bundling requirements

On Fri, Oct 02, 2015 at 02:11:46PM +0200, Ralf Corsepius wrote: > >This harms Fedora but not the upstream project which bundles. > Exactly. This "bundling everything" is upstream-centric. It's > convenient to them, but it's harmful to wider system integration. Toshio explained one time that

Re: Proposal to reduce anti-bundling requirements

On Pá, 2015-10-02 at 13:18 +0200, Vít Ondruch wrote: > Dne 30.9.2015 v 16:52 Ralf Corsepius napsal(a): > > > > Like I've said many times before, I feel Fedora needs a serious > > vulnerability in a widespread bundled or static library, such that > > people finally comprehend the harm of bundling.

Re: Proposal to reduce anti-bundling requirements

Dne 30.9.2015 v 16:52 Ralf Corsepius napsal(a): > On 09/30/2015 04:25 PM, Reindl Harald wrote: >> >> >> Am 30.09.2015 um 16:13 schrieb Orion Poplawski: >>> On 09/30/2015 07:45 AM, Fabian Deutsch wrote: Yes, I also see this as a good compromise. We then have the ability to at least track

Re: Proposal to reduce anti-bundling requirements

On 10/02/2015 01:18 PM, Vít Ondruch wrote: Dne 30.9.2015 v 16:52 Ralf Corsepius napsal(a): Like I've said many times before, I feel Fedora needs a serious vulnerability in a widespread bundled or static library, such that people finally comprehend the harm of bundling. This harms Fedora but

Re: Proposal to reduce anti-bundling requirements

On Wednesday, 30 September 2015 at 14:35, Stephen Gallagher wrote: > Just to circle around here (in case people don't read my reply to the > FESCo meeting agenda), I'm making the following revised proposal[1] to > FESCo which may or may not be discussed at today's meeting (given that > it was

Re: Proposal to reduce anti-bundling requirements

On Thu, Oct 01, 2015 at 10:01:29PM +0200, Dominik 'Rathann' Mierzejewski wrote: > > * All packages not in the critical path whose upstreams have no > > mechanism to build against system libraries '''may''' opt to carry > > bundled libraries, but if they do, they '''must''' include {{{Provides: > >

Re: Proposal to reduce anti-bundling requirements

On Thu, Oct 01, 2015 at 11:38:31PM +0200, Reindl Harald wrote: > >bundling out. Second, it demonstrates a case where it'd be better if > >the bundling had been documented, because it would have shown up in a > >query when the security team was working on that vulnerability > > the last part

Re: Proposal to reduce anti-bundling requirements

Am 01.10.2015 um 23:27 schrieb Matthew Miller: On Thu, Oct 01, 2015 at 10:01:29PM +0200, Dominik 'Rathann' Mierzejewski wrote: * All packages not in the critical path whose upstreams have no mechanism to build against system libraries '''may''' opt to carry bundled libraries, but if they do,

Re: Proposal to reduce anti-bundling requirements

On 09/30/2015 06:32 PM, Matthew Miller wrote: On Wed, Sep 30, 2015 at 04:52:48PM +0200, Ralf Corsepius wrote: people not declaring their bundles and not care about policies did the same before: not declare it and not ask for exceptions - there is a logical flow in "now that i don't need to ask

Re: Proposal to reduce anti-bundling requirements

On Thu, 2015-10-01 at 23:54 +0200, Ralf Corsepius wrote: > Seems to me, as if today's generation of fedora users and esp. > current > Fedora leaders need to go through the lessons people who had been > using > Linux then were tought the cruel way. I know you always think you're the ONLY ONE

Re: Proposal to reduce anti-bundling requirements

On 10/02/2015 12:09 AM, Adam Williamson wrote: On Thu, 2015-10-01 at 23:54 +0200, Ralf Corsepius wrote: Seems to me, as if today's generation of fedora users and esp. current Fedora leaders need to go through the lessons people who had been using Linux then were tought the cruel way. I know

Re: Proposal to reduce anti-bundling requirements

On Thu, Oct 01, 2015 at 07:00:13PM -0400, Matthew Miller wrote: > On Thu, Oct 01, 2015 at 11:38:31PM +0200, Reindl Harald wrote: > > >bundling out. Second, it demonstrates a case where it'd be better if > > >the bundling had been documented, because it would have shown up in a > > >query when the

Re: Proposal to reduce anti-bundling requirements

On 09/30/2015 05:20 PM, Neal Gompa wrote: On Wed, Sep 30, 2015 at 10:52 AM, Ralf Corsepius >wrote: On 09/30/2015 04:25 PM, Reindl Harald wrote: the opposite is more likely: people trying to avoid the FPC burden now

Re: Proposal to reduce anti-bundling requirements

Just to circle around here (in case people don't read my reply to the FESCo meeting agenda), I'm making the following revised proposal[1] to FESCo which may or may not be discussed at today's meeting (given that it was submitted late): === Mandatory === * The Fedora Base Working Group has been

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 08:35:41AM -0400, Stephen Gallagher wrote: > * All packages not in the critical path whose upstreams allow them to > be build against system libraries '''must''' be built against system > libraries. > * All packages not in the critical path whose upstreams have no >

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 3:30 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Wed, Sep 30, 2015 at 08:35:41AM -0400, Stephen Gallagher wrote: >> * All packages not in the critical path whose upstreams allow them to >> be build against system libraries '''must''' be built against

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 8:35 AM, Stephen Gallagher wrote: > Just to circle around here (in case people don't read my reply to the > FESCo meeting agenda), I'm making the following revised proposal[1] to > FESCo which may or may not be discussed at today's meeting (given that

Re: Proposal to reduce anti-bundling requirements

On 09/30/2015 07:45 AM, Fabian Deutsch wrote: On Wed, Sep 30, 2015 at 3:30 PM, Zbigniew Jędrzejewski-Szmek wrote: On Wed, Sep 30, 2015 at 08:35:41AM -0400, Stephen Gallagher wrote: * All packages not in the critical path whose upstreams allow them to be build against system

Re: Proposal to reduce anti-bundling requirements

Am 30.09.2015 um 16:13 schrieb Orion Poplawski: On 09/30/2015 07:45 AM, Fabian Deutsch wrote: Yes, I also see this as a good compromise. We then have the ability to at least track bundling. I'd just like to point out that we have always had the requirement for package that bundled libraries

Re: Proposal to reduce anti-bundling requirements

On St, 2015-09-30 at 16:25 +0200, Reindl Harald wrote: > > Am 30.09.2015 um 16:13 schrieb Orion Poplawski: > > On 09/30/2015 07:45 AM, Fabian Deutsch wrote: > >> Yes, I also see this as a good compromise. > >> We then have the ability to at least track bundling. > >> > > I'd just like to point

Re: Proposal to reduce anti-bundling requirements

Il 30/09/2015 16:13, Orion Poplawski ha scritto: On 09/30/2015 07:45 AM, Fabian Deutsch wrote: On Wed, Sep 30, 2015 at 3:30 PM, Zbigniew Jędrzejewski-Szmek wrote: On Wed, Sep 30, 2015 at 08:35:41AM -0400, Stephen Gallagher wrote: * All packages not in the critical path

Re: Proposal to reduce anti-bundling requirements

On 09/30/2015 04:25 PM, Reindl Harald wrote: Am 30.09.2015 um 16:13 schrieb Orion Poplawski: On 09/30/2015 07:45 AM, Fabian Deutsch wrote: Yes, I also see this as a good compromise. We then have the ability to at least track bundling. I'd just like to point out that we have always had the

Re: Proposal to reduce anti-bundling requirements

On Wed, 2015-09-30 at 08:13 -0600, Orion Poplawski wrote: > > I'd just like to point out that we have always had the requirement > for > package that bundled libraries to carry the "Provides: > bundled(libname)" > metadata.  What's new here is not needing to go through the FPC to > get > an

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 04:52:48PM +0200, Ralf Corsepius wrote: > >people not declaring their bundles and not care about policies did the > >same before: not declare it and not ask for exceptions - there is a > >logical flow in "now that i don't need to ask FPC i don't declare it" > Exactly,

Re: Proposal to reduce anti-bundling requirements

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/30/2015 11:37 AM, Chuck Anderson wrote: > On Wed, Sep 30, 2015 at 08:35:41AM -0400, Stephen Gallagher wrote: >> * All packages not in the critical path whose upstreams have no >> mechanism to build against system libraries '''must''' be >>

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015, at 12:28 PM, Matthias Clasen wrote: > The only way to ever make declaration of bundling reliable is to > automate it somehow. FWIW when I bundle, I use git submodules. A major benefit of this is that it makes it a lot harder to patch the upstream "accidentally" - you have

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 12:28:06PM -0400, Matthias Clasen wrote: > The only way to ever make declaration of bundling reliable is to > automate it somehow. I'm in support of more package automation for any case. With languages like Go, and for that matter I think basically any modern language

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 10:52 AM, Ralf Corsepius wrote: > On 09/30/2015 04:25 PM, Reindl Harald wrote: > >> the opposite is more likely: people trying to avoid the FPC burden now >> > can declare it without fearing somebody takes notice and points out a >> violation >> > If

Re: Proposal to reduce anti-bundling requirements

On Wed, Sep 30, 2015 at 08:35:41AM -0400, Stephen Gallagher wrote: > * All packages not in the critical path whose upstreams have no > mechanism to build against system libraries '''must''' be contacted > publicly about a path to supporting system libraries. If upstream > refuses, this must be

Re: Proposal to reduce anti-bundling requirements

On 30/09/15 14:35, Stephen Gallagher wrote: Just to circle around here (in case people don't read my reply to the FESCo meeting agenda), I'm making the following revised proposal[1] to FESCo which may or may not be discussed at today's meeting (given that it was submitted late): FWIW, I also

Re: Proposal to reduce anti-bundling requirements

Florian Weimer writes: > I think it is important to keep the LD_PRELOAD case separate from > implicit interposition between the main program (if linked with -E) and > DSOs or between different DSOs. LD_PRELOAD is quite explicit in what it > wants to do. OK. (I probably

Re: Proposal to reduce anti-bundling requirements

On Sat, Sep 19, 2015 at 03:54:12PM -0700, Adam Williamson wrote: > On Sun, 2015-09-20 at 00:15 +0200, Pierre-Yves Chibon wrote: > > On Fri, Sep 11, 2015 at 03:09:07PM -0600, Orion Poplawski wrote: > > > I think that wrapping up ruby and python packages into rpms seems > > > to be of > > > dubious

Re: Proposal to reduce anti-bundling requirements

On Fri, Sep 11, 2015 at 03:09:07PM -0600, Orion Poplawski wrote: > I think that wrapping up ruby and python packages into rpms seems to be of > dubious benefit. These projects have their own package management systems > (that at least in ruby's case can handle multiple versions). I'm very much >

Re: Proposal to reduce anti-bundling requirements

On Sun, 2015-09-20 at 00:15 +0200, Pierre-Yves Chibon wrote: > On Fri, Sep 11, 2015 at 03:09:07PM -0600, Orion Poplawski wrote: > > I think that wrapping up ruby and python packages into rpms seems > > to be of > > dubious benefit. These projects have their own package management > > systems > >

Re: Proposal to reduce anti-bundling requirements

Am 18.09.2015 um 16:11 schrieb Scott Schmit: On Mon, Sep 14, 2015 at 09:09:47PM +0200, Reindl Harald wrote: Am 14.09.2015 um 21:04 schrieb Adam Williamson: But just two posts ago you were drawing a distinction between an 'OS' and a 'distribution' and saying that Fedora ought to be a

Re: Proposal to reduce anti-bundling requirements

On 09/15/2015 08:16 PM, Simo Sorce wrote: > On Tue, 2015-09-15 at 19:59 +0200, Florian Weimer wrote: >> On 09/15/2015 03:58 PM, Simo Sorce wrote: >> I'm not sure how difficult this would be because I'm not sure how many symbols rely upon indirect dependencies. I think it would be a

Re: Proposal to reduce anti-bundling requirements

On 09/16/2015 03:47 PM, Dave Love wrote: > Michael Stahl writes: > >>> Symbol interposition is used a lot for very useful features, blocking >>> interposition would break a lot of stuff. >> >> really? i've always thought that it was only useful for libc symbols, >> but maybe

Re: Proposal to reduce anti-bundling requirements

2015-09-15 13:02 GMT+02:00 Ralf Corsepius : > > a) We don't have any such tracking system. If maintainers followed FPC recommendations on that matter, it will be very easy to have one. I have in my TODO to implement one for CentOS Cloud SIG to track security issues for some

Re: Proposal to reduce anti-bundling requirements

On Fri, Sep 18, 2015 at 10:11:14AM -0400, Scott Schmit wrote: > ...per user. (Mozilla even had multiple user profile support within a > single user. I'm not sure if Firefox still has that or has since > dropped it.) Still has. I occasionally use it for testing. -- Matthew Miller

Re: Proposal to reduce anti-bundling requirements

On Mon, Sep 14, 2015 at 09:09:47PM +0200, Reindl Harald wrote: > Am 14.09.2015 um 21:04 schrieb Adam Williamson: > >But just two posts ago you were drawing a distinction between an 'OS' > >and a 'distribution' and saying that Fedora ought to be a distribution > >not an OS. > > > >So basically

Re: Proposal to reduce anti-bundling requirements

Michael Stahl writes: >> Symbol interposition is used a lot for very useful features, blocking >> interposition would break a lot of stuff. > > really? i've always thought that it was only useful for libc symbols, > but maybe that's because i don't work on base OS stuff. I'd

Re: Proposal to reduce anti-bundling requirements

On 09/14/2015 12:04 PM, Adam Williamson wrote: On Mon, 2015-09-14 at 12:45 +0200, Reindl Harald wrote: and much more important: if Fedora changes to more and more recommend "pip", "gem" and "cpan" like installs instead RPM packages it is no longer a distribution over the long because that

Re: Proposal to reduce anti-bundling requirements

Dne 14.9.2015 v 21:52 Orion Poplawski napsal(a): > On 09/11/2015 07:51 AM, Vít Ondruch wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Dne 10.9.2015 v 15:53 Stephen Gallagher napsal(a): >>> * Increases the available pool of software that can be packaged >>> substantially (many

Re: Proposal to reduce anti-bundling requirements

On Tue, 2015-09-15 at 19:59 +0200, Florian Weimer wrote: > On 09/15/2015 03:58 PM, Simo Sorce wrote: > > >> I'm not sure how difficult this would be because I'm not sure how many > >> symbols rely upon indirect dependencies. I think it would be a worthwhile > >> cleanup to turn on something like

Re: Proposal to reduce anti-bundling requirements

On 09/15/2015 03:58 PM, Simo Sorce wrote: >> I'm not sure how difficult this would be because I'm not sure how many >> symbols rely upon indirect dependencies. I think it would be a worthwhile >> cleanup to turn on something like you suggest, and attempt to bootstrap >> the OS using Fedora

Re: Proposal to reduce anti-bundling requirements

On 14 September 2015 at 16:47, Jóhann B. Guðmundsson wrote: > They simply have welcomed their new container overlords and are using only > the recommended upstream method for installing for their application ( > pip,gem etc since developers can use the upstream support

Re: Proposal to reduce anti-bundling requirements

On 09/15/2015 08:41 AM, Ian Malone wrote: On 14 September 2015 at 16:47, Jóhann B. Guðmundsson wrote: They simply have welcomed their new container overlords and are using only the recommended upstream method for installing for their application ( pip,gem etc since

Re: Proposal to reduce anti-bundling requirements

On 15 September 2015 at 10:11, Jóhann B. Guðmundsson wrote: > > > On 09/15/2015 08:41 AM, Ian Malone wrote: >> >> On 14 September 2015 at 16:47, Jóhann B. Guðmundsson >> wrote: >> >>> They simply have welcomed their new container overlords and are using

Re: Proposal to reduce anti-bundling requirements

On 09/15/2015 03:41 PM, Carlos O'Donell wrote: >> I looked at the Solaris documentation, and I'm not sure if it's the >> > right use-case. This seems to provide complete isolation, and would >> > break things like SQLite (at least older versions without file-private >> > locks) which need

Re: Proposal to reduce anti-bundling requirements

On 09/15/2015 09:08 AM, Chris Adams wrote: > Once upon a time, Matthew Miller said: >> A. Things that I care about keeping up to date are always moving too >>slowly. >> >> B. Things that I care about keeping stable are always moving too quickly. >> >> C. Things that

Re: Proposal to reduce anti-bundling requirements

Once upon a time, Matthew Miller said: > A. Things that I care about keeping up to date are always moving too >slowly. > > B. Things that I care about keeping stable are always moving too quickly. > > C. Things that I don't care about shouldn't bother me by having

Re: Proposal to reduce anti-bundling requirements

On Tue, Sep 15, 2015 at 11:08 AM, Chris Adams wrote: > Once upon a time, Matthew Miller said: > > A. Things that I care about keeping up to date are always moving too > >slowly. > > > > B. Things that I care about keeping stable are always moving

Re: Proposal to reduce anti-bundling requirements

On 09/14/2015 01:56 PM, Haïkel wrote: 2015-09-14 13:17 GMT+02:00 Andrew Haley : On 09/13/2015 09:23 PM, Haïkel wrote: I'm not speaking about PHP, most of the upstream I deal with are python developers. Bad habits are rather spreading than regressing. We're not going to solve

Re: Proposal to reduce anti-bundling requirements

On 09/15/2015 10:14 AM, Ben Rosser wrote: > > > On Tue, Sep 15, 2015 at 11:08 AM, Chris Adams > wrote: > > Once upon a time, Matthew Miller > said: > > A. Things that I care

Re: Proposal to reduce anti-bundling requirements

On Mon, Sep 14, 2015 at 12:54:31AM -0700, Adam Williamson wrote: > Whereas in *other* conversations, we have an apparent consensus that > Fedora ships far too *many* updates, too often. A. Things that I care about keeping up to date are always moving too slowly. B. Things that I care about

  1   2   3   >