#106 non-official Fedora repo files in packages
Closed: Fixed None Opened 8 years ago by spot.

Proposal

"Configuration for package managers in Fedora MUST only reference the official Fedora repositories in their default enabled and disabled state (see the yum repo configuration in the fedora-release package for the canonical list). If the package wishes to include additional repository configuration, those may be included in the package's documentation. Copying the example repository configuration files (or the information within them) from the documentation directory to the package manager's configuration location must be an explicit step that the system administrator chooses to make to enable these repositories."


I would also propose an alternate, more strict suggestion:

"Configuration for package managers in Fedora MUST only reference the official Fedora repositories in their default enabled and disabled state (see the yum repo configuration in the fedora-release package for the canonical list). No package may include unofficial or third-party repository configurations, whether enabled or disabled."

So the change is to disallow shipping the repository information as %doc?

I think we might have to bite the bullet and put in what criteria makes a repository okay to ship as %doc and what is contributory infringement. After all, I think that it would be illegal to have any of these:

  • a repository configuration in %doc pointing to a repo with patented code
  • a section of a README that tells what to put into a repo configuration to point at a repo with patented code
  • a README with a link to the repository with patented code

But of those, only the first would be covered by the change in wording (while simultaneously, removing repository files that would be okay to have in %doc). What if we link to the ForbiddenItems wiki page in the Guidelines like this:

""Configuration for package managers in Fedora MUST only reference the official Fedora repositories in their default enabled and disabled state (see the yum repo configuration in the fedora-release package for the canonical list). Unofficial and third-party repositories that contain only code that it is legal for us to direct people to in Fedora (see [http://fedoraproject.org/wiki/Forbidden_items] for an explanation of what is legal) may be shipped in %{_docdir}. The idea is that the system administrator would need to explicitly copy the configuration file from doc into the proper location on the filesystem if they want to enable the repository.

Note, the Licensing Guidelines may be a better link than Forbidden_items due to being restricted to the Legal: namespace http://fedoraproject.org/wiki/Licensing however, I couldn't find a succinct list like the following on that page:

"""
The Fedora Project strongly encourages using free and open source software. Fedora has licensing guidelines that enforce the following requirements:

  • If it is proprietary, it cannot be included in Fedora.
  • If it is legally encumbered, it cannot be included in Fedora.
  • If it violates United States laws (specifically, Federal or applicable state laws), it cannot be included in Fedora.
    """

Maybe the Licensing page should be updated to include the latter two bullet points as a summary and then we point there. Forbidden_items also seems like it should be updated to point to Licensing instead of the Packaging:Licensing Guidelines

My revised text was approved:

http://meetbot.fedoraproject.org/teams/fpc/fpc.2011-09-28-15.08.txt

Approved (+1:5, 0:0, -1:0)

Note that spot was not present. We can revisit if there's still issues with the revised text.

Announce text:
"""
A section has been added to the Guidelines that limits which package manager repositories are allowed to be configured in Fedora. Additional repository configuration files are allowed as documentation provided that they are legally allowable by Fedora.

https://fedoraproject.org/wiki/Packaging:Guidelines#Configuration_of_Package_Managers
"""

For the record, I am +1 on the draft as approved.

Metadata Update from @spot:
- Issue assigned to spot

3 years ago

Login to comment on this ticket.

Metadata