Packaging 3-rd party repositories in rpmfusion

Mon Feb 3 01:30:42 CET 2014

On Wed, 2014-01-29 at 12:12 +0100, Alec Leamas wrote:
> To handle this, my simple proposal is that we handles packaged yum
> repositories like this:
> - It's ok to package yum repositories listed in [4].
> - If anyone wants to change the list in [4] this should be announced
> here on rpmfusion-devel, and not done until we agree on it (similar to
> how we handle bundling exceptions).
> 
> Thoughts. out there?
> 
> --alec

Hi,

I think it's OK to ship third party repository configurations in rpm
packages at rpmfusion. For instance, a rpmfusion-dropbox that contains
the single dropbox.repo file is fine. We're not redistributing the
software itself, we're just providing the repository configuration that
will enable users to skip going to each individual site and setting it
up themselves. This would also cement rpmfusion as *the* go-to place for
end users. While I wouldn't want such a package to go into Fedora since
it holds a much more strict line between free and non free software, I
think RPMFusion's slightly more relaxed principles permit this.

http://rpmfusion.org/FoundingPrinciples

This:
'this includes software with public available source-code that has "no
commercial use"-like restrictions'

would mean that we shouldn't. However, we're not providing the software,
just the configuration files. 

I also hope that this will help reduce the number of users resorting to
third party scripts that set stuff up for them without knowing what
these scripts actually do. At least this way, they'll know exactly what
packages are being installed.

One concern is that some of the rpms that third parties provide do ship
their own repo files. So, after the user installs a package, he might
end up with two repo files? We'll have to use proper conflicts in the
specs. What about GPG keys? (The adobe-release package ships a repo file
and a GPG key.)

If we do go down this path, I'd also suggest that we include a README
file with each such package that clearly states:
- this is only a repo file
- it just points you to the repository hosted by the third party
- you're getting the software directly from the vendors repository
- it is only for convenience
- we cannot support bug/feature requests; they go upstream (or wherever)
- the source code of this software is not available. Please use at your
own risk, i.e., you trust the developer. 

Lastly, we may need to speak to the third party devs and confirm if it's
OK to ship their repo files in the first place?
-- 
Thanks,
Warm regards,
Ankur (FranciscoD)

http://fedoraproject.org/wiki/User:Ankursinha

Join Fedora! Come talk to us!
http://fedoraproject.org/wiki/Fedora_Join_SIG

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <https://lists.rpmfusion.org/pipermail/rpmfusion-developers/attachments/20140203/ff996453/attachment.sig>