Re: [opensuse-factory] Re: please someone help with SR#711379
On Mon, Jul 01, 2019 at 01:34:26PM +0200, Richard Brown wrote:

Fair enough, so then let's talk about non-Factory packages.
If a package has not been sent through the Factory process, then it
hasn't had the necessary quality or legal reviews, the very reviews
which are enforced by the bots being discussed in this thread.

The quality reviews are essential for the package to be considered
suitable for openSUSE / SUSE in a trademark/copyright sense, which is
essential for ensuring the brands remain popular.
Our brand is a topic our lists have shown a great interest in lately
so I think it's safe to say that regardless as to whether the Project
keeps its name or not, the consensus is that the Project shouldn't
take unnecessary risks with its brand.
Redistributing unchecked packages would be a significant risk with
potentially catastrophic consequences.

The legal reviews are even more important, given the responsibility
which SUSE / the openSUSE Project take when redistributing software
under various licenses, including the GPL.
It risks this project's very existence if we were to inappropriately
redistribute software with incompatibly, incompletely, or otherwise
non-compliantly with the source code licenses of our packages.

What people do in their home project is their own business, but as
there is no guarantee a home project package is legally sound, nor
that it will be there tomorrow [1], I consider it frankly

For the record, even with a package in Factory, you have no guarantee
it's still going to be there tomorrow. And the very section you linked
says in its second sentence that even OBS itself may not be there

irresponsible to suggest that approach to software distribution is

If a package hasn't gone through the Factory process, ie. it is not in
either Tumbleweed or Leap, then the package cannot, should not, and
must not be considered an output of the openSUSE Project and therefore
its quality and legal correctness cannot be attested to.

I never denied there are advantages of having a package in the
distribution. What I claim is that for some people these are not strong
enough to bite the bullet and jump through the hoops.

And I'm pretty sure our users only want software that works and that
they can use and redistribute legally... or am I way off the mark with

I'm sure there are users who insist on having everything 100% legally
clean and wouldn't taint their installation with a package from legally
unaudited source. But if it's a majority? I wouldn't bet on that.

Just take the example of uncrippled ffmpeg packages needed to play h264
or HEVC video. I fully understand why we cannot provide them as part of
openSUSE distribution (even if there is nothing illegal about them in
most countries, including mine). But I don't believe majority of our
users who want to play video contents end up with "OK, then rather than
install a package which hasn't been approved by SUSE legal team, I won't
play those videos."

The way I see it, a typical user considers various options and goes with
the most convenient option. The scale may look like

1. Package is in the distribution
2. There is a ready to install package somewhere else (OBS, Packman)
3. I have to build it myself

Different users have different thresholds where they stop in their
effort. And, of course, sometimes a user needs or wants a newer version
which makes them choose 2 or 3 even for packages which are in the
distribution. I know you don't like it and criticize the practice often
but most users have a rather utilitarian attitude towards their system and
do not appreciate the value of having everything 100% clean distribution
only nearly as much.

From a packager's point of view, it's mostly about the pros and cons of
having the package in Factory. Both pros and cons are clear and have
been listed multiple times. What I'm saying is that some of the rules
and actions of project maintainers (or review team, release team or
whatever you want to call them) tend to shift the balance in the "con"
direction. And that in my eyes and in eyes of many of my colleagues,
not nearly all of them can be excused with "it's about quality" and that
as such, they shift the balance too much, doing more harm than good.

Michal Kubecek
