Shorten the policy and adjust it to match current practice
First big change is to say that the policy only applies to 3rd party
repos which integrate with normal package installation mechanisms, and
anything like pip/cargo/snap etc. is excluded. I think this is enough
to clear up all confusion where pip is in violation of the policy.
Second change is to say that repo definitions should be in separate
(binary) packages. Previous policy stated that repo definitions should
be shared between variants, but with all repositories jumbled into one
package this is not realistic. Existing definitions are grandfathered
in.
Third change is to say that FESCo may allow the 3rd party repo to be
enabled by default. Currently fedora-cisco-openh264 is enabled by
default.
Fourth change is to cut out a lot of about motivations and goals. I
think a brief intro about goals is OK, but a policy text should not
contain links to old blogs and other distractions.
The rules that the 3rd party repo should have a small scope so it is
auditable remains unchanged. I believe that in the light of the first
change this now actually makes much more sense.
Fifth change is to remove the recursive rules for software
installation software included in 3rd party repos. On the one hand,
such software is covered by the general rules already included in the
policy. On the other hand, there a lot of specifics that are very
complicated and the text that was in place wasn't nearly enough to
properly regulate that. On the third hand, that text also made
unrealistic requirements like "GNOME Software should be able to track
and remove games installed using Steam." So if we ever want to include
a 3rd party repo with an installer for arbitrary software that would
integerate with normal package installation mechanisms, we should
discuss that separately and update to policy to properly handle such
cases.
Sixth change is to apply some minor grammar fixes.