[CentOS-devel] Reasoning behind RHEL8 packages without corresponding -devel?
xavier at bachelot.org
Tue Sep 3 13:21:49 UTC 2019
Le 03/09/2019 à 14:41, Kaleb Keithley a écrit :
> On Tue, Sep 3, 2019 at 4:57 AM Xavier Bachelot <xavier at bachelot.org
> <mailto:xavier at bachelot.org>> wrote:
> I'd be genuinely interested if anyone with access to this bug can
> give a
> quick summary of the reasons.
> It boils down to only gvfs uses it. And it only uses it to read the
> title and the thumbnail from discs.
> Opening the library for general consumption by publishing the -devel rpm
> opens Red Hat to other risks, e.g. dealing with CVEs in other parts of
> the library that Red Hat doesn't use.
> (It seems to me they could have quite simply given the library a
> different name and avoided the whole issue.)
> It looks like the people responsible for it will try to remove libbluray
> from RHEL8, opening the door for EPEL, one of the CentOS SIGs, or others
> to publish whatever they want without creating a conflict with the one
> in RHEL.
> N.B. that's only libbluray. libXvMC is another matter.
Fine by me, I'm the original packager and Fedora maintainer for
libbluray. Give it back to me, it'll get more love from me in EPEL than
what it gets from Red Hat in RHEL :-)
Meanwhile, not publishing the -devel won't prevent people from using it,
it will just make it harder to get potential issues fixed because the
RHEL SRPM is what will be used to recreate the missing -devel and there
will be no way to get Red Hat to fix the bugs in the part of the lib
they don't care about.
Now, what about libXvMC and all the others ? There must be some reasons too.
Imho, CBR is a weird idea, not publishing all -devel is even weirder.
With the assumption and strong hope that CentOS won't replicate this
dubious trick of segregating (part of) the -devel in a separate repo, it
definitely looks like a saner platform to me.
Thanks for sharing Kaleb, much appreciated.
More information about the CentOS-devel