I had submitted a review request for the package clustal omega. This is a very powerful command line tool for carrying out multiple sequence alignment. This software uses a modified version of a library called squid (http://selab.janelia.org/software.html) for handling inputs.
My package violates the No Bundled libraries policy in Fedora packaging guidelines and I am requesting a bundled library exception.
My reasons for requesting an exception are below -
Quoting from squid's author's website (link above) -
"A C library that much of the above software bundles in. C function library for sequence analysis.
SQUID is my own personal library of C functions and utility programs for sequence analysis. I don't really suggest that you use it in your programs, as I change it at will. However, it does contains some small utility programs that some people have found useful in scripts that drive large HMMER tasks."
They do not have official releases to this library.
I contacted the clustal omega upstream to see if it was possible to submit their changes to upstream. They informed me that their changes are clustal omega specific.
I have attached the differences between squid upstream and squid library used by clustal omega here. Clustal Omega only uses a subset of squid's functionality and I am unaware of any program using squid as is.
So, it would be great if FPC can grant my request for bundled library exception.
This is a very useful software to have in fedora as a bioinformatics tool (even if the precompiled binary may be downloaded and used from the upstream website).
Thank you!
list of files different between squid upstream (squid-1.9g) and squid used by clustal. files
changes in source code between squid upstream (squid-1.9g) and squid used by clustal omega diff_files
Yes. Only a subset of squid (which is bundled) is being used in clustal omega. I have created a list of changes in detail and have attached it to this ticket.
As far as I can tell, two reasons - One, upstream (squid) does not care. They are providing the library as is. Two, the changes made to sqiud are specific to clustal omega.
The squid library is not available in Fedora.
From my interactions with upstream, they do not think it is a good idea to "unbundle" the package.
The bundling application (clustal omega) uses the library (squid) for obtaining input for sequence alignment. So, squid is an integral part of clustal omega.
Upstream does not have regular releases. They change the library as they see fit (see the description from the upstream website posted in the ticket description).
They do not want to unbundle the library.
Considering this library is used for a single purpose (taking input), I believe the security ramifications are minimal. But, my expertise in this area is minimal.
This library is not available in Fedora.
From my interaction with upstream, they do not have any plans to unbundle the library at present.
At today's meeting, this was discussed but we didn't have enough votes to pass it. Continuing voting in the ticket.
Proposal: "clustal omega has a forked copy of squid[http://selab.janelia.org/software.html]. Since squid was last updated in 2002, is a copylib, and clustal omega is the only user in Fedora, there is currently no benefit to a separate library. Permission to bundle has been granted unless some of those criteria change."
At the meeting the following points were brought up: This does leave us with the unfortunate case where another application might later be added to Fedora which also uses squid and we would then have to revisit this. however, there is precedent: If you look at TexStudio's qcodeedit in approved bundling: https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions you'll see we used a similar set of reasons for allowing it.
+1 from me
This is currently at +4, though I don't know if the request is still relevant.
I'm -1. Most of the code changes look perfectly upstreamable, though a few are questionable. For example, the addition of min() and isnumber() macros if the respective functions are not defined should be done in a more portable way (and detection should be done in configure.ac). Another example is API modification. This should be done in a backwards-compatible way by factorizing common code and adding new function calls with different parameter sets while keeping the old ones intact. Clustal Omega should use the new APIs while other consumers can keep using the old ones.
For me, this is an example of sloppy coding because they couldn't be bothered to do it properly.
Given that there's been no response in the seven weeks since I pinged on this, I'm going to go ahead and close it. Feel free to reopen if there's additional information to provide.
Replying to [comment:9 tibbs]:
Sorry, I have completely missed this ticket in my emails.
To answer rathann, squid upstream is not accepting patches. They said so ...
More importantly,
I misunderstood the vote many months back and the package is now approved. Should I retire the package and request re-review after this ticket is resolved? Please advise.
Thanks!
Here is today's meeting minutes, can you have a look through and answer any questions:
http://meetbot.fedoraproject.org/fedora-meeting-1/2015-01-29/fpc.2015-01-29-17.01.txt
Either way, we'll look at it again next week. Hopefully we'll get +5 and nothing needs to be done.
Updates after reading the meeting logs - both Jan 29, 2015 and the first meeting on Mar 06, 2014 (http://meetbot.fedoraproject.org/fedora-meeting-1/2014-03-06/fpc.2014-03-06-17.02.html)
My experience in this very minimal so I would (in all likelihood) be wrong in commenting on how good or bad the code is. So, I should pass. :)
Upstreamable code
If the FPC desires, I can clarify my interpretation with the squid upstream.
Thanks! Also, apologies for the earlier lack of replies.
FPC didn't have a chance to discuss this at today's meeting. This remains on the agenda for next week.
And just to make sure it's obvious (because after all this time it wasn't to me), the squid mentioned here isn't the Squid proxy server, but a "library of functions for biological sequence analysis".
I'm still +1 here. There's an interesting procedural question of whether the votes from Remi and Toshio still count now that they're no longer on the committee, but hopefully it won't matter.
We talked about this at today's meeting (http://meetbot.fedoraproject.org/fedora-meeting-2/2015-02-12/fpc.2015-02-12-17.05.txt):
Thanks for discussing and accepting this folks.
Metadata Update from @rathann: - Issue assigned to james
Log in to comment on this ticket.