From db353a4e1b9fb92e4617131cd8fa357681631a21 Mon Sep 17 00:00:00 2001 From: David Cantrell Date: Aug 17 2020 13:56:55 +0000 Subject: Fix wording in various places "third party" → "third-party", "labelled" → "labeled", removal of various syntactic sugar "repositories which contain" → "repositories containing", and shorteing of some sentences. No changes to meaning. --- diff --git a/fesco/modules/ROOT/pages/Third_Party_Repository_Policy.adoc b/fesco/modules/ROOT/pages/Third_Party_Repository_Policy.adoc index 967f078..aafc4ee 100644 --- a/fesco/modules/ROOT/pages/Third_Party_Repository_Policy.adoc +++ b/fesco/modules/ROOT/pages/Third_Party_Repository_Policy.adoc @@ -1,82 +1,82 @@ -= Third Party Repository Policy += Third-Party Repository Policy -A third party repository is any software repository which isn't officially maintained by the Fedora project, including link:https://copr.fedorainfracloud.org/[Coprs], as well as repositories that are hosted outside of Fedora. +A third-party repository is any software repository that the Fedora Project does not officially maintain, including link:https://copr.fedorainfracloud.org/[Copr repositories], as well as repositories that hosted outside of the Fedora Project. This policy sets out the conditions under which Fedora editions and spins can include repository definitions that make those third party repositories available to users. -It covers **repository definitions which are integrated with the usual package installation mechanisms** like `dnf` or `gnome-software`. +It covers **repository definitions integrated with the usual package installation mechanisms** like `dnf` or `gnome-software`. -This policy does not cover the packaging of tools that provide access to third-party software in a way that is clearly separate from installation of Fedora packages. Thus language-specific tools (`pip`, `maven`, `cargo`, `go`, …), tools that implement access to third-party packaged software (`steam`, `snap`, `apt`, `pacman`, `appstream`, `flatpak`, `dnf` invoked with package URLs, …), and tools that provide images of other systems (`docker`, `podman`, `machinectl`, …) are **not covered** by this document. +This policy does not cover the packaging of tools that provide access to third-party software that is separate from the installation of Fedora packages. Language-specific tools (`pip`, `maven`, `cargo`, `go`, …), systems that implement access to third-party packaged software (`steam`, `snap`, `apt`, `pacman`, `appstream`, `flatpak`, `dnf` invoked with package URLs, …), and tools that provide images of other systems (`docker`, `podman`, `machinectl`, …) are **not covered** by this document. The policy aims to make a wide range of software available to Fedora users similarly to native packages, -while ensuring that that software is clearly labelled, +while ensuring that that software is clearly labeled, so users are fully informed about the origin of the software that they are installing. Software from third-party repositories cannot be used when creating Fedora images. -== Third party repository distribution +== Third-party repository distribution -Third party repositories should be distributed in clearly named rpm packages. +Third-party repositories should be distributed in descriptively named rpm packages. Each third-party repository should be defined once through a separate (binary) package. Traditionally, definitions for multiple repositories were sometimes -combined into one package, but this is not encouraged and should not be used in new cases +combined into one package, but this is discouraged and should not be done in new cases (as an example, Fedora Workstation edition installs a package called `fedora-workstation-repositories`). -If they fulfill the requirements set out in this policy, third party repository definitions can be included in an edition or spin's install media. -The third-party nature of the repository must be clear to the user when they enable it, +If they fulfill the requirements set out in this policy, the Fedora edition or spin install media can include third party repository definitions. +The third-party nature of the repository must be apparent to the user when they enable it, as should the non-free status of its content, if such. Repositories may have the `enabled_metadata=1` (or equivalent) setting, so users can view the contents of the repository without enabling them explicitly. -Repository files must be configured with the `enabled=0` (or equivalent) setting, -and user must explicitly enable third-party repositories in order to install from them. -A FESCo exception my be granted to waive this requirement. +Repository files must include the `enabled=0` (or equivalent) setting, +and the user must explicitly enable third-party repositories to install from them. +FESCo may grant an exception to waive this requirement. Reuse of repository definitions among editions or spins is encouraged. == Key requirements for third-party repositories -Third party repositories must be approved by an active Fedora working group or SIG, or by FESCo. +Third-party repositories must be approved by an active Fedora working group or SIG, or by FESCo. Groups who approve the inclusion of third party repositories must have a documented process which allows for community input, which produces a traceable history for each decision (for example, a ticket or other record). -Additionally, repositories that are included in an edition or spin's third-party repository list must conform to the following requirements: +Additionally, repositories included in an edition or spin's third-party repository list must conform to the following requirements: -* Just as with any software hosted by Fedora, third party repositories must not contain material that poses undue legal risk for the Fedora Project or its sponsors. This includes, but is not limited to, software with known patent issues, copyright issues or software tailored for conducting illegal activities. Fedora working groups should evaluate if a proposed addition or provider poses a significant risk, and if in doubt confer with Fedora Legal for advice. +* Just as with any software hosted by Fedora, third party repositories must not contain material that poses an undue legal risk for the Fedora Project or its sponsors. This risk includes, but is not limited to, software with known patent issues, copyright issues, or software tailored for conducting illegal activities. Fedora working groups should evaluate if a proposed addition or provider poses a significant risk, and if in doubt, confer with Fedora Legal for advice. * Changes made by one Edition or spin should not impact other Fedora editions or spins. -* Working groups and SIGs should maintain oversight over the software that is made available through third party repositories, in order to prevent unvetted software being made available to Fedora users. As part of this, third party repositories should be managed in such a way that Fedora Legal can easily audit them. This implies that third party repositories should be limited to including small numbers of packages, or that measures should be put in place to limit which packages are made available from a particular repository by default. +* Working groups and SIGs should maintain oversight over the software that is made available through third-party repositories, to prevent unvetted software being made available to Fedora users. As part of this, third-party repositories should allow easy auditing by Fedora Legal. This requirement implies that third-party repositories should limit themselves to a small number of packages, or that measures should be put in place to define which packages are made available from a particular repository by default. -=== Software labelling and metadata +=== Software labeling and metadata -Third party and non-free software should be clearly identifiable to users through software management tools, prior to installation. For Fedora Workstation, this requirement applies to GNOME Software, the primary software installer for the desktop. For other editions and tools, the maintainers of the primary software management tools should work with FESCo to decide how to ensure adequate software labelling. +Third-party and non-free software should be identifiable to users through software management tools before installation. For Fedora Workstation, this requirement applies to GNOME Software, the primary software installer for the desktop. For other editions and tools, the maintainers of the primary software management tools should work with FESCo to decide how to ensure adequate software labeling. -== Third party software requirements +== Third-party software requirements -The software that is included in each third-party repository must conform to the following requirements. +Software included in each third-party repository must conform to the following requirements. === Software packaged as RPMs Requirements for software packaged as RPMs: -* Applications that ship as RPMs should conform with link:https://docs.fedoraproject.org/en-US/packaging-guidelines/[Fedora's RPM guidelines] as closely as possible. However, while this is best practice, it is not a hard requirement. (This more relaxed approach to RPM packaging is intended to allow software to be included for whom it is difficult to conform to Fedora's packaging guidelines.) +* Applications that ship as RPMs should conform with link:https://docs.fedoraproject.org/en-US/packaging-guidelines/[Fedora's RPM guidelines]. However, while this is the best practice, it is not a hard requirement. (This more relaxed approach to RPM packaging allows the inclusion of software for whom it is difficult to conform to Fedora's packaging guidelines.) * Software must be included in a DNF repository as described in the link:https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/DNF/[Fedora System Administrators Guide]. -* RPM packages in a third party repository must not replace packages provided by official Fedora repositories, nor break dependencies between those packages. +* RPM packages in a third-party repository must not replace packages provided by official Fedora repositories, nor break dependencies between those packages. === Software packaged using other formats -The Fedora project will likely want to offer software in formats beyond those mentioned above in the future. If those formats have special policy requirements, this policy document will require revision. However, requirements for these formats may be covered by the rules below. +The Fedora project will likely want to offer software in formats beyond those mentioned above in the future. If those formats have special policy requirements, this policy document will require revision. The rules below cover the requirements for these formats. == Duplicates and replacements -Third party repositories can be used to supplement official Fedora software. -In limited cases, they can be used to replace software that is included in the official Fedora repositories. Such cases require FESCo approval. +Third-party repositories can supplement official Fedora software. +In limited cases, they can be used to replace software included in the official Fedora repositories. Such situations require FESCo approval. == Maintaining a third-party repository -Those who are responsible for a repository which is included as a third party repository should notify the Fedora project if: +Those responsible for a repository included as a third party repository should notify the Fedora project if: -* the repository ceases to be maintained, or will cease to be maintained in the future -* the contents of the repository changes, either in terms of the software included, or how it is licensed +* repository maintenance ends or will end in the future +* the contents of the repository changes, either in terms of the software included or its licensing Fedora may also define agreements with third-party maintainers.