Review request: https://bugzilla.redhat.com/show_bug.cgi?id=1040517
This new package currently requires bundling three libraries. The latter two should only be temporary.
This is a copy lib consisting only of a few C files. Upstream makes releases but no libraries.
libuv is packaged in Fedora, but currently Julia needs a forked version. Upstream plans to get their patches included into the original libuv, at which point the Fedora package will use the standard libuv package. Security implications should be low since Julia is not currently ready for production, and is mainly aimed at technical/scientific applications (i.e. not networking programs at this point). The fork is kept relatively up-to-date, at 0.11.22 (from 2 months ago).
Tracking bug at https://github.com/JuliaLang/libuv/issues/2
Julia cannot use the version packaged in Fedora because it needs a version using its random number generator. Work is under way to completely get rid of the dependency on Rmath, which should be completed for the next 0.4 version in a few months. Security implications are very small since very few Julia functions now rely on it, and the library is kept mostly in sync with upstream, which is highly stable anyways (3.0.1, with R 3.1 only released three weeks ago).
Temporary exception for libuv bundling in Julia granted, until system libuv is a practical option. (+1:5, 0:1, -1:0).
Temporary bundling of Rmath is approved until it is no longer needed by Julia (0.4). (+1:6, 0:0, -1:0)
Xavier Lamien will make a dSFMT package, and Julia can use that instead of the bundled version.
OK, perfect! Please keep me in touch about the dSFMT package. Just ask if I can help.
Package dSFMT has been uploaded for review at https://bugzilla.redhat.com/show_bug.cgi?id=1108765.