#2607 Request to import and redistribute Epel pkgs through cbs.centos.org for SIGs
Closed: Invalid 2 years ago by churchyard. Opened 2 years ago by amoloney.

Hi there,

I would like to request the approval to import and re-distribute EPEL packages from Fedora to CentOS cbs/koji to enable CentOS SIGs to consume them.

The discussion has been happening on centos-devel https://lists.centos.org/pipermail/centos-devel/2021-May/076830.html

And there is a ticket open on the CentOS Infra tracker which began the discussion https://pagure.io/centos-infra/issue/306

As CentOS infra SIG, we would like to ensure we have done our due diligence on this request to make sure it is a) technically possible, and if so that we don't overlook important implementation details and b) there are no policy issues on redistribution that we are unaware of or could be problematic.

Thank you kindly,
Aoife, on behalf of the CentOS Infrastructure SIG


Hello Aoife,
I don't understand what you expect us to approve here.

  • anyone can re-distribute EPEL packages if they comply with the license terms of the packages
  • FESCo has no "jurisdiction" over EPEL

What kind of approval are you actually looking for?

From a legal perspective, you should be fine.

However, you probably don't want to do it this way because with the space requirements that would entail, you'd be better off setting up an archive repo for EPEL similar to the one that exists for the Fedora updates repo for OSTree systems (releng#9717).

Also, from a policy perspective, this would get weird, since there'd be aging duplicates in SIG repos which could lead to conflicts for CentOS users who use EPEL (though admittedly this is sort of the norm right now for some SIGs). Additionally, there may be a confusion of trust and maintainership with SIGs publishing their copies of the EPEL packages, since they will need to have them re-signed with their SIG key, but those packages will still say they're Fedora Project packages in the RPM metadata.

Finally, some of this really feels like SIGs don't want to work with upstreams that they consume (EPEL maintainers). I'm not sure it's a good idea from that perspective either.

@churchyard We do have some jurisdiction over EPEL, though most of it is delegated to EPSCo.

@amoloney You will also want to talk to EPSCo, who has their issue tracker here: https://pagure.io/epel/issues

Chiming in from EPEL side, I have no vote in FESCo.
Legally, as stated above you should be fine.

My concern is that you have lumped together "Import and Redistribute". I believe that should be two separate discussions.

"Import", so that SIGs can build against EPEL packages. I think that is a great idea, and I give it a yes vote.

"Redistribute". I'm against this. I believe this will bring confusion to the consumers of whatever SIG is redistributing the package.
My opinion, if a SIG produces a package that requires an EPEL package at runtime (which is fine), that SIG should also require epel-release.

A week has passed and there is no clear action for FESCo here.

Thanks for your replies and guidance, I have enough information for the CentOS infra SIG to review this topic again following what @tdawson has recommended and will use EPSCo's tracker that @ngompa suggested if we have anything that needs to be discussed from that side.

Thank you all very much, this has been very helpful! Please feel free to close this ticket & thanks again!

Metadata Update from @churchyard:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

2 years ago
