= Proposal topic =
Allow Racket, a Scheme-based language and programming environment, to bundle several libraries that upstream developers think are essential
= Overview =
The Racket language and programming environment, previously PLT Scheme, ships with a lot of bundled libraries. We already have PLT Scheme in our repository, and unfortunately it violates our "no bundling" policy in very significant ways.
The essential bundled libraries: Provides: bundled(libffi) = 3.0.10rc0
Provides: bundled(gmp) = 3.99 Provides: bundled(lightning) = 1.2 Provides: bundled(libunwind) = 0.99.0
Additionally, racket provides two garbage collectors: a modified version of Boehm GC, and their own garbage collector. While the proposed racket packaging use only the latter, the current plt-scheme packaging uses the Boehm GC on ppc64.
I'm perfectly happy to just drop support for architectures where the new GC does not work, if we decide not to allow Boehm GC to be bundled.
One of the included extension modules, 'plot', also contains some bundled libraries -- gd, png, zlib, etc. There is currently a security bug open against plt-scheme because it's also affected by the gd security flaw from 2009; current maintainer has yet to respond (he's not been seen for more than a year; I've just initiated the first step of the non-responsive maintainer process). I'm currently excising it from the racket package until it could be fixed properly.
= Problem space =
The current plt-scheme packaging violates the "no bundling" policy in major ways, and is significantly out of date. We should decide whether the bundling (both for core functionality, and for add-ons such as the plot module) should be allowed.
= Solution Overview = If bundling is allowed, get the racket review completed ASAP and make it obsolete the current plt-scheme on all supported Fedora releases.
If not, do a quick fix on plt-scheme, removing the buggy plot module, and retire it in Rawhide before F-15 branches so that we limit the rot to F-14 and below.
= Active Ingredients =
PLT Scheme -> Racket rename request https://bugzilla.redhat.com/show_bug.cgi?id=652083
PLT Scheme's gd vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=647242
= Owners =
Michel Alexandre Salim FAS: salimma / IRC: hircus
Can you file this over on the FPC trac now?
https://fedorahosted.org/fpc/newticket
We are having FPC handle bundled library requests now. Thanks.
Filed:
https://fedorahosted.org/fpc/ticket/28
Login to comment on this ticket.