[CentOS-devel] CATPR - Community Approved Third Party Repos

[Karsten Wade]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/30/2015 12:25 PM, Johnny Hughes wrote:
> I am talking about all the packages.  And what I mean by secret
> sauce is .. if someone created a different version of a package
> (for example, maybe a different samba or firefox with different
> compile options .. and the same name), then we would not
> necessarily know that by even looking at the build logs.  We would
> KNOW everything if it is built on CBS.  Not only do we all know
> everything, it can be reproduced completely.

Adding some additional thoughts to consider, depending on what is in
the third-party repo ...

We have the same restriction the CentOS Project always had around
software needing to be redistributable including in the US. Meaning
not only an appropriate distribution license (FLOSS being the best),
but also considering the DMCA and software patents and so forth.

So if a repo that is currently third-party has that sort of material,
it cannot be brought in to the CBS with those materials in it.

It also means we likely cannot distribute the package repo RPM file
with CentOS Linux, as that would be pointing directly to infringing
software.

Of course, it's worth mentioning IANAL, I'm just speaking from
experience here.

Kind regards,

- - Karsten
- -- 
Karsten 'quaid' Wade        .^\          CentOS Doer of Stuff
http://TheOpenSourceWay.org    \  http://community.redhat.com
@quaid (identi.ca/twitter/IRC)  \v'             gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlYMQnIACgkQ2ZIOBq0ODEHt1wCgw0b46dvnPZKy0naK0C8t+Dhu
VtwAoLQ7YegG2+6D/Xe+Mnr86vtnWEgY
=6Ssg
-----END PGP SIGNATURE-----