[CentOS-devel] CATPR - Community Approved Third Party Repos
Karsten Wade
kwade at redhat.com
Wed Sep 30 20:13:38 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/30/2015 12:25 PM, Johnny Hughes wrote:
> I am talking about all the packages. And what I mean by secret
> sauce is .. if someone created a different version of a package
> (for example, maybe a different samba or firefox with different
> compile options .. and the same name), then we would not
> necessarily know that by even looking at the build logs. We would
> KNOW everything if it is built on CBS. Not only do we all know
> everything, it can be reproduced completely.
Adding some additional thoughts to consider, depending on what is in
the third-party repo ...
We have the same restriction the CentOS Project always had around
software needing to be redistributable including in the US. Meaning
not only an appropriate distribution license (FLOSS being the best),
but also considering the DMCA and software patents and so forth.
So if a repo that is currently third-party has that sort of material,
it cannot be brought in to the CBS with those materials in it.
It also means we likely cannot distribute the package repo RPM file
with CentOS Linux, as that would be pointing directly to infringing
software.
Of course, it's worth mentioning IANAL, I'm just speaking from
experience here.
Kind regards,
- - Karsten
- --
Karsten 'quaid' Wade .^\ CentOS Doer of Stuff
http://TheOpenSourceWay.org \ http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlYMQnIACgkQ2ZIOBq0ODEHt1wCgw0b46dvnPZKy0naK0C8t+Dhu
VtwAoLQ7YegG2+6D/Xe+Mnr86vtnWEgY
=6Ssg
-----END PGP SIGNATURE-----
More information about the CentOS-devel
mailing list