On Mon, Jul 01, 2019 at 01:34:26PM +0200, Richard Brown wrote:
Fair enough, so then lets talk about non-Factory packages. If a package has not been sent through the Factory process, then it hasn't had the necessary quality or legal reviews, the very reviews which are enforced by the bots being discussed in this thread.
The quality reviews are essential for the package to be considered suitable for openSUSE / SUSE in a trademark/copyright sense, which is essential for ensuring the brands remain popular. Our brand is a topic our lists have shown a great interest in lately so I think it's safe to say that regardless as to whether the Project keeps its name or not, the consensus is that the Project shouldn't take unnecessary risks with it's brand. Redistributing unchecked packages, would be a significant risk with potentially catastrophic consequences.
The legal reviews are even more important, given the responsibility which SUSE / the openSUSE Project take when redistributing software under various licenses, including the GPL. It risks this projects very existence if we were to inappropriately redistribute software with incompatibly, incompletely, or otherwise non-compliantly with the source code licenses of our packages.
What people do in their home project is their own business, but as there is no guarantee a home project package is legally sound, nor that it will be there tomorrow [1], I consider it frankly
For the record, even with a package in Factory, you have no guarantee it's still going to be there tomorrow. And the very section you linked says in its second sentence that even OBS itself may not be there tomorrow.
irresponsible to suggest that approach to software distribution is acceptable.
If a package hasn't gone through the Factory process, ie. it is not in either Tumbleweed or Leap, then the package cannot, should not, and must not be considered an output of the openSUSE Project and therefore it's quality and legal correctness cannot be attested to.
I never denied there are advantages of having a package in the distribution. What I claim is that for some people these are not strong enough to bite the bullet and jump through the hoops.
And I'm pretty sure our users only want software that works and that they can use and redistribute legally... or am I way off the mark with that?
From packager point of view, it's mostly about the pro's and con's of having the package in Factory. Both pro's and con's are clear and have been listed multiple times. What I'm saying is that some of the rules and actions of project maintainers (or review team, release team or whatever you want to call them) tend to shift the balance in the "con"
I'm sure there are users who insist on having everything 100% legally clean and wouldn't taint their installation with a package from legally inaudited source. But if it's a majority? I wouldn't bet on that. Just take the example of uncrippled ffmpeg packages needed to play h264 or HEVC video. I fully understand why we cannot provide them as part of openSUSE distribution (even if there is nothing illegal about them in most countries, including mine). But I don't believe majority of our users who want to play video contents end up with "OK, then rather than install a package which hasn't been approved by SUSE legal team, I won't play those videos." The way I see it, typical users considers various options and goes with the most convenient option. The scale may look like 1. Package is in the distribution 2. There is a ready to install package somewhere else (OBS, Packman) 3. I have to build it myself Different users have different thresholds where they stop in their effort. And, of course, sometimes a user needs or wants a newer version which makes them choose 2 or 3 even for packages which are in the distribution. I know you don't like it and criticize the practice often but most users have rather utilitarian attitude towards their system and do not appreciate the value of having everyting 100% clean distribution only nearly as much. direction. And that in my eyes and in eyes of many of my colleagues, not nearly all of them can be excused with "it's about quality" and that as such, they shift the balance too much, doing more harm than good. Michal Kubecek -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org