From Fedora Project Wiki

Revision as of 18:04, 27 March 2014 by Toshio (Drafting some potential bundling library exceptions)

This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.

There are multiple ways that we could consider relaxing the bundling guidelines. This page collects the ones that we've recently wanted to apply to a variety of situations.

Active upstream Security Team

Another thing that might be viewed favorably by the FPC is if:

  1. Project is actively developed and has a responsive upstream, with new
 releases occurring at least yearly. Rationale: a) if a security issue
 does arise, we don't want to be left on our own; b) where projects
 have bundled code but are not fast-moving, the reward/work ratio of
 unbundling the code is higher.

  2. Project has an active security response team of its own
 and has demonstrated both the ability and the will to release timely
 security updates when issues are discovered in bundled code.
 Rationale: this reduces the burden on our security team, and does not
 put Fedora maintainers in the position of creating or carrying our own

  3. The upstream project is actively working on unbundling.

We'd also allow forks of such projects in.

Too Big to Fail

Although it is a case of last resort that FPC is extremely reluctant to allow, we occasionally consider whether a package is too popular to keep out of the distribution. FPC

Too small to care