-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/30/2015 12:25 PM, Johnny Hughes wrote:
I am talking about all the packages. And what I mean by secret sauce is .. if someone created a different version of a package (for example, maybe a different samba or firefox with different compile options .. and the same name), then we would not necessarily know that by even looking at the build logs. We would KNOW everything if it is built on CBS. Not only do we all know everything, it can be reproduced completely.
Adding some additional thoughts to consider, depending on what is in the third-party repo ...
We have the same restriction the CentOS Project always had around software needing to be redistributable including in the US. Meaning not only an appropriate distribution license (FLOSS being the best), but also considering the DMCA and software patents and so forth.
So if a repo that is currently third-party has that sort of material, it cannot be brought in to the CBS with those materials in it.
It also means we likely cannot distribute the package repo RPM file with CentOS Linux, as that would be pointing directly to infringing software.
Of course, it's worth mentioning IANAL, I'm just speaking from experience here.
Kind regards,
- - Karsten - -- Karsten 'quaid' Wade .^\ CentOS Doer of Stuff http://TheOpenSourceWay.org \ http://community.redhat.com @quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41