Le 03/09/2019 à 14:41, Kaleb Keithley a écrit :
On Tue, Sep 3, 2019 at 4:57 AM Xavier Bachelot <xavier@bachelot.org mailto:xavier@bachelot.org> wrote:
I'd be genuinely interested if anyone with access to this bug can give a quick summary of the reasons.
It boils down to only gvfs uses it. And it only uses it to read the title and the thumbnail from discs.
Opening the library for general consumption by publishing the -devel rpm opens Red Hat to other risks, e.g. dealing with CVEs in other parts of the library that Red Hat doesn't use.
(It seems to me they could have quite simply given the library a different name and avoided the whole issue.)
It looks like the people responsible for it will try to remove libbluray from RHEL8, opening the door for EPEL, one of the CentOS SIGs, or others to publish whatever they want without creating a conflict with the one in RHEL.
N.B. that's only libbluray. libXvMC is another matter.
Fine by me, I'm the original packager and Fedora maintainer for libbluray. Give it back to me, it'll get more love from me in EPEL than what it gets from Red Hat in RHEL :-)
Meanwhile, not publishing the -devel won't prevent people from using it, it will just make it harder to get potential issues fixed because the RHEL SRPM is what will be used to recreate the missing -devel and there will be no way to get Red Hat to fix the bugs in the part of the lib they don't care about.
Now, what about libXvMC and all the others ? There must be some reasons too. Imho, CBR is a weird idea, not publishing all -devel is even weirder. With the assumption and strong hope that CentOS won't replicate this dubious trick of segregating (part of) the -devel in a separate repo, it definitely looks like a saner platform to me.
Thanks for sharing Kaleb, much appreciated.
Regards, Xavier