Software in infrastructure vs repositories

Rahul Sundaram sundaram at fedoraproject.org
Tue May 29 18:36:28 UTC 2007


Toshio Kuratomi wrote:

> Do people think this is an allowable exception?  These apps are in a
> grey area between one-off system administration scripts and applications
> that are present in multiple environments already.  I think they must be
> OSS and their source must be available but I'm not sure if the
> requirement that they be packaged for Fedora is necessary.

We had a policy in place before when I used to sys admin stuff that all 
the packages needs to be available in the distribution repository and 
any local scripts be cleanly separated. It helps a lot.  You get 
packaging and legal checks. Even if a particular piece of software is 
used only in one place in the Fedora infrastructure not having it in the 
repository means the team is solely responsible for keeping track of any 
security issues. It is up to the team to decide to allow exceptions but 
you have to weigh the benefits carefully.

> I also foresee us running into issues at some point with version
> mismatches between the Fedora/EPEL packages and what we run on our
> servers.  Maybe we want to upgrade the TurboGears stack on our servers
> but we don't want to change the API for EPEL.  Maybe we are putting out
> necessary updates for the apps we are working on but upgrading the bits
> in Fedora/EPEL every two days doesn't seem like a good idea.  We need to
> have some ability to separate what we package for Fedora from what we
> are actively developing in Infrastructure.

Again any deviations from what is in the repository is additional 
burden for the team. Deciding on the details is why having good 
documentation on the policies are helpful. Maybe this could be discussed 
in the next IRC meeting?

Rahul




More information about the Fedora-infrastructure-list mailing list