in the process of the review due to a name change of TexStudio (formerly known as Texmakerx) some bundled libraries were discovered. 
I packaged the one missing from fedora to get it in but then upstream told me that it would not work, since he modified beyond a patchable/upstreamable level. 
Another problem is that qcodeedit is not really caring for this version.
I removed the bundled libraries with the help of a friendly maintainer on the -devel mailing list.
I hope that the FPC could grant an exception for this and would be glad to provide further information, if needed.
Well ok, so I am going to answer the asked questions as detailed as possible.
Upstream told me that the library is modified in many ways. I think it even calls TexStudio functions in some places. So I don't think it's possible to use the version included in fedora.
Why haven't the changes been pushed to the upstream library? [[BR]]
so no real progress from qcodeedit upstream
Have the changes been proposed to the Fedora package maintainer for the library? [[BR]]
No, since I am also the package maintainer of the library in fedora and I started packaging before I talked to TexStudio upstream.
*Could we make the forked version the canonical version within Fedora? For instance, if upstream for the library is dead, is the package we're working on that bundles willing to make their fork a library that others can link against?[[BR]]
I don't think so, since there is not really any benefit. I think there aren't any projects using qcodeedit so far and especially not the library used in TexStudio.
Are the changes useful to consumers other than the bundling application? [[BR]]
No, since there are no other applications in fedora using it and most of the changes are probably TexStudio specific
Is upstream keeping the base library updated or are they continuously one or more versions behind the latest upstream release?[[BR]]
Qcodeedit 2 upstream is pretty much dead so TexStudio upstream is not lagging behind.
What is the attitude of upstream towards bundling? (Are they eager to remove the bundled version? are they engaged with the upstream for the library? Do they have a history of bundling? Are they argumentative?)[[BR]]
Well they bundle also other software but this is mainly due to their commitment to various OS versions. hunspell and qtsingleapplication have been already removed.
Overview of the security ramifications of bundling[[BR]]
I don't know if there are any.
Does the maintainer of the Fedora package of the library being bundled have any comments about this?
Not really ;)
Is there a plan for unbundling the library at a later time?[[BR]]
I don't think so since the original qcodeedit upstream deprecated the 2.X.X version.
Bundling exception granted (+1:8, 0:0, -1:0)
Please be sure to add this provides to your package:
Metadata Update from @spot:
- Issue assigned to spot
to comment on this ticket.
Copyright © 2014-2017 Red Hat
2.90.1 — Documentation