[Bug 2483] Review request: msttcore-fonts - TrueType core fonts for the web

RPM Fusion Bugzilla noreply at rpmfusion.org
Sun Sep 23 19:35:13 CEST 2012 

https://bugzilla.rpmfusion.org/show_bug.cgi?id=2483

--- Comment #13 from Kevin Kofler <kevin.kofler at chello.at> 2012-09-23 19:35:13 CEST ---
> currently the fonts are installed in the pre step.  the eula could be displayed
> in the pre step.

No. You should not display anything in the pre step and you CANNOT ask the user
for confirmation that he/she read it. RPM installs MUST be non-interactive.

http://www.oldrpm.org/hintskinks/interactive/

That was written in 2004. As far as I know, current versions of RPM go even
further to discourage interactive interaction, redirecting stdin (and maybe
even unsetting DISPLAY) for scriptlets so that you cannot prompt for user input
in them.

As for output (stdout/stderr), you can print some, but there is no guarantee
that the user will read it! PackageKit GUIs will NOT display scriptlet output
to the user. So it is also not suitable for EULAs.


> the ubuntu installer removes the fonts if the person does not accept ... and
> does not fail the install, it carries on as if nothing happened.  That's
> certainly doable in the post step.  I think the pre step is where you'd fail,
> but you don't want to fail, so there's nothing wrong about doing this in the
> post step.

1. This is not possible because you cannot ask the user to accept or refuse.
See above.
2. Having the package "installed" when it actually isn't is very broken.


> But maybe I've misunderstood.  Why is installing the fonts in the post step a
> no-go?  I read through the guidelines and I don't see anything about this. 
> Perhaps you could point me to that specification?

It is a no-go because you have no way to have the user confirm the acceptance
of the EULA before nor inside %post. See above: RPM installations MUST NOT be
interactive.


> As for this being a blatant abuse of rpm ... also, could you point me to
> something in the guidelines?  I had a look (again) at www.rpm.org/max-rpm, and
> at the fedora guidelines, and there's nothing about this "abuse of rpm" that
> this overly long pre section constitutes that I can see.  Perhaps you could
> point me to it?

It's an abuse because the files installed that way will not be tracked by
package management, defeating the whole purpose of RPM.

The reason this is not spelled out in the guidelines is probably that it is
considered obvious.


> I think that rpms are for ease of use for the end user, allowing for easy
> distribution and upgrades.  Easy for the end user, not necessarily the package
> maintainer(s).  The rpm doesn't have to be easy on the eyes for the package
> maintainer.  rpms contain executable content (scripts).  They aren't config
> files or xml files, they're essentially shell scripts in a cpio container.

The guidelines are made for ease of use for the end user, they have nothing to
do with package maintainers' convenience!
* RPM installations MUST NOT be interactive because there are users who want to
automate it, and a scriptlet attempting to prompt for confirmation over stdin
breaks that.
* RPMs are not supposed to dump unowned files to /usr in %post because it makes
a mess of the end user's system.


> There are other rpms on rpmfusion that have comparably long scripts in them.

But those scripts do not dump files to the file system. That's what the payload
is for.


> It may not be customary, most scripts just name a bunch of files and have some
> post script to kick off some service.  By the nature of this rpm, it cannot be
> like that, it has to have a script to download the cab files.

And that's exactly why those scriptlets are broken.

There ARE specfiles for guidelines-compliant packages of those fonts. The
resulting RPMs just cannot be legally redistributed. (You'll probably find them
somewhere anyway. Just not in RPM Fusion.)


> However, for the end user it is a great improvement over the alternative.  This
> rpm can be installed from yum, or from the gui installer, no need for autoplus,
> fedorautils or easylife.

I don't run any of those broken tools and I call them break-my-system tools.
Users should not be installing that proprietary crap in the first place, making
it easy is counterproductive.


> Display a notice?  here's the notice the ubuntu package displays:
>
> LIBERATION FONTS
> ----------------
>
> The package fonts-liberation contains free variants of the Times,
> Arial and Courier fonts. We recommend you use that instead unless you
> specifically need one of the other fonts from this package.

As explained at the beginning of this comment, displaying a notice is not
helpful because there is no guarantee that the users will read it, in fact most
users (especially the ones who don't already know about the Liberation fonts)
will be using GUI tools and thus NOT read it.


> http://fedoraproject.org/wiki/Features/Liberation_Fonts_2
>
> Fedora 18 is bringing in the croscore fonts to replace the liberation fonts. 
> croscore will be liberation 2.

That might end up getting reverted though, the CrOS Core fonts have much worse
(or nonexistent) hinting than the Liberation 1 ones:
https://bugzilla.redhat.com/show_bug.cgi?id=856239

-- 
Configure bugmail: https://bugzilla.rpmfusion.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the rpmfusion-developers mailing list