Fedora is a big project, and it’s hard to keep up with everything that goes on. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five things for September 11th, 2015:
Flock Conference Videos
It’s been a few weeks since Flock, Fedora’s big annual contributor conference. Wanted to come but couldn’t make it, or just otherwise interested in what we talked about? Video from sessions is now online. Of particular note, I think, was the “What does Red Hat want?” talk by Denise Dumas, and the keynotes.
Our first keynote was Be an Inspiration, not an imposter from Major Hayden. Major spoke about how it’s important to find the right level of confidence, and how to encourage that in others. Then, John Schull’s presented e-NABLE, an incredible community project which develops open source 3D-printed upper limb devices — robot hands! — for children.
You may also be interested in my State of Fedora talk (but apologies in advance, as our AV equipment hadn’t show up at that point and the recording is somewhat ad hoc).
FUDCon LATAM in Córdoba, Argentina
Flock isn’t Fedora’s only premiere event. We also have annual FUDCons — Fedora User and Developer Conferences — in Latin America (LATAM) and Asia/Pacific (APAC). This year’s FUDCon LATAM is going on right now in Argentina. Take a look at the http://fudconlatam.org/ site for details, and follow the event page on Facebook for photos and updates.
Bodhi 2 and what it means for you
As every Fedora user knows, we put out a lot of updates. All of these updates are prepared by Fedora contributors in the packaging group, and sent through a round of testing and then released generally. The system for managing that “push” process is called Bodhi, and after many years in development, the newest version, Bodhi 2, is live at https://bodhi.fedoraproject.org/.
This new version has many new features, and I’ll highlight just a few. First, it’s much easier for contributors to produce an update from the new web interface. After a packager identifies the component that needs an update, the system pulls together packages and possibly related bugs automatically.
And second — and possibly most interesting from a user point of view — the feedback checkboxes are now much, much more fine-grained. Before, the only option was a global “karma” value, with +, 0, or –. Now, you can actually attach feedback to various specific problems (“Was bug #1089880 fixed?”), in addition to general feedback on whether the update works. That way, users can provide valuable bits of information without feeling the need to test the whole thing, and submitters can make judgments based on better information (Hmmmm — big security issue is fixed correctly, but an existing unrelated annoyance still happens… I guess I’ll push this update now to protect people, and work on another one for the other bug.)
Fedora 23 Schedule Update
We are currently in the “beta freeze” period of the Fedora 23 release schedule. This means that all substantial work should be done, and we’re working on cleaning up bugs and stabilization for the beta release targeted at September 22 and the October final release.
Rethinking Bundling and Fedora
This week’s mega-thread on the Fedora development mailing list was kicked off by a post from Stephen Gallagher, who offers a Proposal to Reduce Anti-Bundling Requirements. To quote briefly:
Right now, we have a policy that essentially forbids source code from being bundled into a package. In technical terms, this means essentially that the packaging policies mandate that any code that appears more than once in the repository must be turned into a shared library and dynamically linked into any package that requires it. Any package that wants an exception to this must petition the Fedora Packaging Committee and get an explicit exemption from this policy. This process is heavyweight and sometimes inconsistent in how the decision is made.
Earlier this week, the popular photography software Darktable was almost dropped from the distribution due to bundling. This didn’t really seem like a great outcome for Fedora overall, and after debate that decision was reversed. But inspired by that (and by conversations we’ve been having for several years — see for example this blog post for a representative non-distro perspective), Stephen proposes that special permission no longer be required. There’s more, and a lot of discussion in the thread which I recommend reading and joining if you’re interested.
It also became clear that the current bundling policy has some clarity problems — Adam Williamson did some digging into that and is going to draft up some changes, saying:
I think any debate on what changes should be made to the current policies would benefit from these changes to make what the current policies actually are clearer, so I don’t mind doing it even if they all have to change again fairly soon.
Adam also has some thoughts on the overall discussion which I think are worth highlighting:
I think that back before the emergence of large ecosystems where bundling was the norm, distro bundling policies probably did yield significant results – distros had more power then, the F/OSS ecosystem was smaller and easier to impose norms on. The problem we face now is that the world has changed and there are huge chunks of the F/OSS ecosystem which see bundling as just the way they do things; the problem with our current policy is it gives us no way to even reasonably consider what’s an appropriate relationship with those ecosystems. All we can do is repeat the ~1995 mantra that the One True Way to work with Fedora is to turn your software into some nicely unbundled RPM packages, which is something they will just laugh out of court, and then we’re effectively just not talking to each other at all.
I’d prefer us to have some kind of sensible relationship with those kinds of ecosystems – even if in the end it’s simply to say ‘the way you get this software on Fedora is to use their distribution mechanism’, and our job is just to work with the ecosystem to make sure that works nicely on Fedora.
What do you think? Has the world changed, and how should Fedora react?
I disagree as a user with the idea that users don’t care about package quality or that they will get the software in whatever way they can if it’s not in their distribution’s repositories. I don’t do that! I wouldn’t use a distribution if it didn’t give me some guarantees about quality, convenience, security or stability. If security or resource usage means it’s a bad idea to bundle libraries, then I want them to be put in their own packages even if that requires more work, or means some software won’t be available.
It does not matter that not bundling software or making quality packages is not one of Fedora’s core values or priorities. Before being about freedom, features, friends or being first, Fedora is a Linux distribution. Any Linux distribution is more similar to Fedora than even the shoe-making company most focused on freedom, features, friends or being first. The role of a distribution is to act as an intermediary between upstream developers and users, so that users get what’s the best for them from the software developed upstream. The necessity to not bundle software and to make good packages comes from that, while the choice to reject nonfree software and the choice to focus on providing recent versions of software rather than stability are results of these values or priorities.
I chose Fedora because I care about software freedom and want recent software, but I expect good packaging guidelines from any distribution, independently of this.
In regard to Bodhi 2, where can I find more information about becoming a Fedora contributor?
Paul W. Frields
@Jim, if you’re looking to help with Bodhi, you can find the Github code here, along with issues that you’d be quite welcome to work on. You can also find the team at IRC Freenode on #fedora-apps.
Ok, thanks Paul!
I’m new to programming, but I know Git/Github so I can take a look and see what I can do at least.
Good packaging guidelines are valuable and I think the Fedora Project has a good approach. However, I think making exceptions is OK if it’s in the users interest (Friends!). But maintainers should keep track of these packages very carefully and reevaluate the need for an exception every release. Better ship the second best package concerning the guidelines than forcing the user to install bad packages from potentially insecure sources by not including it at all. You know who will be blamed in this case…
It’s basically impossible to do security updates if you have bundled code all over the place. First, you can’t keep track of what code is where. Second, even if you could, it would multiply the time and effort that goes into packaging the fixes, as well as testing and releasing them. Just because there are more lazy developers who don’t know how to do things correctly out there is no excuse for relaxing our much needed packaging requirements. Maybe in some cases the build ecosystem used in certain development environments could be improved to make it easier for upstream developers to build things without bundling (or at least having it as an option). For instance, packaging (in general, not just for Linux) Java applications without bundling is practically impossible, so there are definitely some ecosystem improvements needed there.
I believe that bundling is a need. It’s not that all software will be bundled, but those huge, multi-distro, multi-plataform software I think it’s required.
I work for a big blue company and their main productivity suite is bundled. It’s not just a matter of being lazy, but being cost effective.
Another thing, big software companies, thinks that Linux is Linux and they want to create a binary for Linux, period. Not one for Fedora, another one for Debian or openSUSE, … so they bundle software, just like they do for Windows and Mac.
A plus for bundled software is that once it’s marked as 3rd Party software, the responsibility for security patches is from the software developer and not the distro itself, so it’s one less thing to worry about.
That would also make a compelling case for bringing more people to Fedora from other wide used distros which use their own DE and X(???) stack.
Keep the software clean, free from bugs and any vulnerabilities. Anyway bundling seems not being the best as code cleaning is messy.