[CentOS-devel] CATPR - Community Approved Third Party Repos

Karsten Wade

kwade at redhat.com
Wed Sep 30 20:13:38 UTC 2015

Hash: SHA1

On 09/30/2015 12:25 PM, Johnny Hughes wrote:
> I am talking about all the packages.  And what I mean by secret
> sauce is .. if someone created a different version of a package
> (for example, maybe a different samba or firefox with different
> compile options .. and the same name), then we would not
> necessarily know that by even looking at the build logs.  We would
> KNOW everything if it is built on CBS.  Not only do we all know
> everything, it can be reproduced completely.

Adding some additional thoughts to consider, depending on what is in
the third-party repo ...

We have the same restriction the CentOS Project always had around
software needing to be redistributable including in the US. Meaning
not only an appropriate distribution license (FLOSS being the best),
but also considering the DMCA and software patents and so forth.

So if a repo that is currently third-party has that sort of material,
it cannot be brought in to the CBS with those materials in it.

It also means we likely cannot distribute the package repo RPM file
with CentOS Linux, as that would be pointing directly to infringing

Of course, it's worth mentioning IANAL, I'm just speaking from
experience here.

Kind regards,

- - Karsten
- -- 
Karsten 'quaid' Wade        .^\          CentOS Doer of Stuff
http://TheOpenSourceWay.org    \  http://community.redhat.com
@quaid (identi.ca/twitter/IRC)  \v'             gpg: AD0E0C41
Version: GnuPG v2.0.22 (GNU/Linux)


More information about the CentOS-devel mailing list