On 02/26/2014 12:25 PM, Manuel Wolfshant wrote:
Which is why the list was restricted to these 2 repos only and did not include IUS for instance - even if IUS is one of the most polite 3rd party repos
but then why be unfair to IUS ? or to anyone else for that matter.
the aim of quantification is also based around some level of expectations, and then writing code or putting in place a process that helps both sides of the fence adhere to that expectation. e.g. not overwrite rpms from base, might be one ( but then, why not ? if someone wants to ship a new kernel, then that should be ok right ? ).
a slightly more involved case might be the multilib policy, and expecting the repo to adhere to whatever is needed in that scope.
a fairly complex issue would be to have a clearly defined, deliverable security patch policy along with the ability to force-orphan code that has 'issues'. Scope of what that issues set might contain is another conversation in itself.
that's the sort of quantification we're going to need. hope that clears the ambiguity up a bit.