#fedora-meeting log

16:00:56 <spot> #startmeeting Fedora Packaging Committee
16:00:56 <zodbot> Meeting started Wed Oct 13 16:00:56 2010 UTC.  The chair is spot. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:56 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:01:02 <spot> #topic Roll Call
16:01:06 <limburgher> Yeah.  The *one* day I don't brown-bag. :)
16:01:29 <Rathann> I'm here
16:01:30 * limburgher is here
16:01:45 * spot is here
16:02:26 <spot> abadger1999 rdieter tibbs SmootherFrOgZ: ping
16:02:35 * abadger1999 here
16:02:46 <rdieter> her
16:02:48 <rdieter> here even
16:03:23 <spot> well, thats 5 (quorum). I know tibbs was here earlier
16:03:29 <spot> racor may arrive a bit late
16:03:56 <spot> #topic D Guidelines - https://fedorahosted.org/fpc/ticket/7
16:04:05 <spot> https://fedoraproject.org/wiki/D%2Bpackaging%2Bguideline%2Bdraft
16:04:19 <spot> i finally got bioinfornatics to clarify the last issues
16:05:34 * spot will give everyone a moment to reread the draft
16:05:55 <Rathann> I hope the idea of moving to shared libraries as soon as upstream supports them is quite obvious and thus not written explicitly
16:06:24 <spot> Rathann: agreed
16:06:49 <spot> if there are no additional concerns, go ahead and toss out votes
16:06:51 <spot> +1
16:06:56 <Rathann> +1
16:07:08 <limburgher> +1
16:07:09 <abadger1999> +1
16:07:40 <spot> rdieter?
16:08:02 <rdieter> +1
16:08:20 <Rathann> hm, just noticed: what if the package contains not only static libs, but also binaries? one shouldn't disable debuginfo then
16:08:20 <spot> #action D draft is approved 5 +1, no 0, no -1
16:08:35 <Rathann> or?
16:08:41 <spot> Rathann: debuginfo doesn't know how to deal with static binaries
16:08:45 <Rathann> ah
16:08:55 <spot> loooong standing bug. :)
16:09:02 <Rathann> ok then
16:09:41 <spot> alrighty then
16:09:45 <spot> on to the "fun" stuff
16:09:56 <spot> #topic New library bundling exception - https://fedorahosted.org/fpc/ticket/15
16:10:39 <spot> so, the original request was to try to come up with a guideline that would cover the bundling in gupnp-dlna
16:11:10 <spot> but it morphed into a request for the fpc to handle bundling exceptions?
16:11:11 <spot> i think?
16:11:33 <abadger1999> Well...
16:11:54 <abadger1999> nirik asked whether we'd like to handle exceptions -- I don't think that was a request from fesco as a whole.
16:12:27 * nirik could ask at the next meeting if folks would like.
16:12:35 <spot> as much as i disagree with fesco's recent exceptions, i do think that it falls into their responsibilities
16:12:45 <abadger1999> the recent fesco has been a lot more lenient with exceptions than both previous fesco and we would be.... so it's causing conflicts.
16:12:46 <limburgher> Looks like an exception request situation, not a guideline issue.  FESCO fodder.
16:12:58 <limburgher> abadger1999 <nod>
16:13:12 * nirik notes elections will be coming up soon. :)
16:13:48 <spot> i think the only thing we could do would be to refuse to amend the guidelines to reflect the exceptions and ask the Board to reconsider.
16:14:10 <spot> but since i am on the board, i'd have to recuse myself from both proceedings
16:14:12 <abadger1999> Rationale for moving the responsibility to fpc would be that to remain fair we want to figure out why these exceptions should be granted and add the reasoning to the guidelines.  Lately, there doesn't seem to be a reason that can really be made from the exceptions granted.
16:14:34 <limburgher> nirik what, we should bum-rush them?
16:14:36 <limburgher> :)
16:14:40 <abadger1999> rationale for leaving with fesco -- if a maintainer conflicts with an fpc decision on granting an exception, it goes to fesco anyway.
16:15:01 <limburgher> abadger1999 <nod>
16:15:23 <spot> abadger1999: well, if fesco decides that they want us to handle the exceptions, we could certainly do so
16:15:30 <abadger1999> <nod>
16:15:39 <limburgher> Yeah.
16:15:43 <spot> nirik: please ask fesco about whether they want us to handle it or not
16:15:47 <nirik> ok.
16:15:48 <abadger1999> I would not be against us handling exceptions.
16:15:53 <Rathann> Agreed.
16:15:54 <spot> we'll wait to hear on that issue before we move forward on that ticket
16:16:13 <spot> #action nirik will ask FESCo if they want FPC to handle bundling exceptions
16:16:28 <spot> Alright. Moving on.
16:16:39 <spot> #topic Treatment of bundled libraries - https://fedorahosted.org/fpc/ticket/19
16:17:17 <spot> On this topic, I do not think it is necessary to remove bundled libraries from the tarball unless there is a legal reason (non-free, non-distributable)
16:17:33 <spot> I think deletion in %prep must be mandatory though.
16:17:42 <spot> and they should never end up in a package, even if they're unused
16:17:48 <Rathann> exactly
16:17:52 <rdieter> agreed
16:18:02 <limburgher> Emphatically yes.
16:18:42 <spot> the only corner case here is packages that bootstrap
16:19:06 <spot> and in those cases, they can use the bundled libraries to bootstrap, but still can't package them.
16:19:18 <limburgher> So we specify that.
16:19:27 * spot nods
16:19:31 <abadger1999> Note that deleting in %prep can cause more work patching the buildscripts.
16:19:54 <racor> spot: depends ... there are packages which are equipped with "bundled" libs, but explicitly support opts to use external ones (example: zlib/libz in GCC)
16:20:16 <Rathann> abadger1999: well, otherwise making sure that they are not used during compilation/linking can be a pain
16:20:16 * abadger1999 supposed autotools could work if we only delete the *.c and *.h files, not the Makefile.in and directory structure.... would have to test.
16:20:40 <rdieter> abadger1999: right (that's how I understand it generally)
16:20:42 <spot> racor: are you making that point in general or about the bootstrapping?
16:20:52 <limburgher> Nuke it, it's the only way to be sure.
16:21:01 <racor> spot: in general. "must be removed" is too radical
16:21:14 <abadger1999> Rathann: For compiled libs, true... configure output could lie for instance, so you'd have to check the build.log.
16:21:21 <rdieter> racor does have a point
16:21:46 <rdieter> though I've seen a fair number of configure scripts lie too (as abadger1999 mentioned)
16:22:03 <spot> yes, but i think leaving them in place just increases the likelyhood that they'll be used.
16:22:20 <spot> this is especially the case when the tooling isn't autotools
16:22:40 <abadger1999> Note that libraries also encompasses things that aren't compiled.
16:22:48 <limburgher> Exactly.  We have scads of different buildsystems being used.
16:22:58 <limburgher> Python, PHP, etc.
16:23:00 <spot> if the tooling supports opts to use external ones, then deleting the bundled copies should have no effect.
16:23:12 <racor> spot: Removing them may break things, esp. if using autotools!
16:23:15 <abadger1999> spot: Not always....
16:23:17 <spot> (and if it does, that's a bug in the tooling)
16:23:22 <Rathann> also it will let you see if upstream abuses non-public interfaces
16:23:33 * abadger1999 has seen plenty of what racor is mentioning right now.
16:23:53 <spot> abadger1999: chromium is especially bad about this, hardcoding paths for header files, for example.
16:23:59 <limburgher> Couldn't we then patch out the broken bits?
16:24:05 <limburgher> It's work, but. . .
16:24:11 <spot> limburgher: as long as the package isn't called "firefox"... ;)
16:24:18 <abadger1999> where the build scripts build the bundled libs unconditionally but only link against them if the system lib is not present.
16:24:20 <limburgher> spot <headdesk>
16:24:52 <spot> abadger1999: i think in those cases, we would either want to fix the build scripts or trick them by copying in the system so
16:24:59 <Rathann> abadger1999: well, that might produce broken binaries if system and bundled lib versions are different
16:25:29 <abadger1999> Rathann: No -- the build script builds the lib... but it doesn't then use those libraries to compile and link the program.
16:25:32 * spot would rather set a hard line policy here and deal with any fallout in exceptions
16:26:06 <rdieter> spot: +1, that maximizes sanity, minimizes badness I think
16:26:30 <abadger1999> I can vote for this, just mentioning that there's extra work involved.
16:26:41 <spot> abadger1999: sure.
16:26:42 <abadger1999> What about non-compiled libs?
16:26:57 <spot> abadger1999: like a bundled python component?
16:27:03 <racor> limburgher: patching is doable in many cases, is hard in some cases, in cases of properly implemented configurations, it's superfluous.
16:27:17 <abadger1999> Right.
16:27:28 <spot> abadger1999: i would think the same guidelines would apply.
16:27:53 <limburgher> racor  Indeed.  There may need to be exceptions, i.e. Firefox.
16:28:08 <abadger1999> So in scons, there's a few files that contain bundled code for the pyhton stdlib.
16:28:32 <abadger1999> ie: when running on python-2.4, use function foo() and bar().  When running on python-2.5 use function foo().
16:28:43 <abadger1999> The compat libs are i nthe same file.
16:28:46 <racor> limburgher:comments on firefox disclosed ;)
16:29:05 <spot> abadger1999: any reason why it isn't importing from python?
16:29:07 <abadger1999> Do we allow that because we can audit the code and see that the function won't be used?  Or do we patch it out?
16:29:28 <abadger1999> spot: It's not available in the earlier version of the stdlib.
16:29:49 <spot> abadger1999: last time i checked, try: except: worked pretty well. ;)
16:30:09 <abadger1999> In that example, bar() is first available in python-2.5's stdlib; foo() is first available in something later than python-2.5.
16:30:17 <abadger1999> spot: Right... that's how it's implemented.
16:30:32 <spot> abadger1999: then... i don't understand why the bundling is necessary
16:30:44 <spot> if it exists, use it. if not, look for the older one
16:30:47 <abadger1999> spot: But the question is -- do we need to patch the source file to remove just the function that's being bundled?
16:30:57 <abadger1999> spot: What older one?
16:31:00 <Rathann> IIUC they bundle some missing functions
16:31:06 <spot> oh, i see.
16:31:12 <spot> they're bundling deprecated functions.
16:31:15 <abadger1999> spot: The flow is t his:  If available from the stdlib, use it, if not, use the bundled version.
16:31:36 <abadger1999> spot: Opposite -- they're bundling functions that are not available on older python.
16:31:44 <spot> i would say that from Fedora's perspective
16:31:53 <spot> since we will never be shipping "older python"
16:32:23 * spot thinks
16:32:44 <rdieter> imo, the scons case is safe enough to be exception-worthy.
16:32:49 <spot> yeah
16:32:51 <abadger1999> We ship older python -- F13 has python-2.6 which is not the latest (python-2.7) and EL-5 has python-2.4....
16:32:56 <spot> i'm trying to think about how to word it.
16:33:09 <Rathann> we could patch it out, but that patch can't go upstream only after upstream decides to drop support for older python
16:33:22 <Rathann> eh... s/can't/can/
16:33:32 <abadger1999> Yeah -- I'd love to have the exception be generalizable :-)
16:33:41 <abadger1999> Rathann: Correct.
16:33:44 <spot> If the bundled code is in a code path which will never get triggered for the distribution target, then the package for that target does not need to remove that code.
16:33:59 <spot> So, for Fedora that will be true, and for older EPEL, it will be false.
16:34:12 <spot> EPEL will need to patch out the bundled code, Fedora will not.
16:34:26 <spot> how about that?
16:34:35 <abadger1999> spot: Uhm..... I think you're misunderstanding though -- if we patch out the code on EPEL, the pakcage cannot run on EPEL.
16:34:56 <spot> abadger1999: okay, so lemme back up.
16:35:14 <abadger1999> spot: Because the stdlib there does not contain that function in EPEL's version of python.
16:35:16 <Rathann> abadger1999: aren't there any backports of the missing functions? like python-kitchen?
16:35:18 <spot> the core idea behind "no bundled code" is to prevent duplication with system files
16:35:31 <racor> spot: This will not work, because RPEL already is facing problems from RHEL shipping outdated packages
16:35:33 <abadger1999> Rathann: Well... python-kitchen is in a similar position to scons here.
16:35:34 <spot> so, in EPEL, that code isn't really duplicated, hence, not bundled.
16:36:07 <rdieter> spot: right
16:36:35 <spot> So, this is a case where a package is bundling code that does not duplicate system functionality, and if it does, it is never used.
16:36:48 <Rathann> I'd say the exception is when the bundled code doesn't duplicate any code packaged for the distribution target
16:37:05 <Rathann> or is never used, yes
16:37:44 <abadger1999> Okay, that works for me as a general principle... Questions that we need to nail in the wording: "What's system functionality?  How does python's stdlib differ from a library not being included in Fedora-X"
16:38:35 <abadger1999> "If a bundled library is built but neither linked against or installed then the code path isn't being used, so why do we require it to be removed in %prep?"
16:38:41 <Rathann> well, if it's not included, but has separate upstream then normal rules apply, you have to package the separate upstream first
16:39:26 <limburgher> It's the "isn't being used".  How does Joe Packager (The Plumber's geeky brother) verify that?  Hint:  He doesn't know autotools.
16:39:36 <spot> Exception: Packages which bundle specific subsets of third-party code with the sole purpose of providing functionality that is not available in the system copy, and explicitly conditionalize that use in such a way that if the system copy provides that functionality, the bundled copy is not used, are exempt from the requirement to remove the bundled copy.
16:39:53 <abadger1999> "Is it legal to bundle portions of another codebase if those portions provide updated functionality to an existing Fedora package?"
16:40:06 <Rathann> if the headers of the bundled library are not used in compilation then it's OK, but can you guarantee? deleting certainly guarantees that
16:40:58 <limburgher> Rathann Exactly
16:41:05 <limburgher> Shoot the zombie in the head.
16:41:10 * abadger1999 likes spot's wording.
16:41:41 * spot uses code intentionally there, perhaps source code would drive the point home harder
16:41:43 <abadger1999> bundled s/copy/code/ ?
16:41:48 <abadger1999> at the very end?
16:41:58 <spot> abadger1999: yeah, good point.
16:42:12 <spot> Exception: Packages which bundle specific subsets of third-party source code with the sole purpose of providing functionality that is not available in the system copy, and explicitly conditionalize that use in such a way that if the system copy provides that functionality, the bundled copy is not used, are exempt from the requirement to remove the bundled source code.
16:42:32 <spot> whoops.
16:42:36 <spot> one more sed. ;)
16:42:44 <spot> Exception: Packages which bundle specific subsets of third-party source code with the sole purpose of providing functionality that is not available in the system copy, and explicitly conditionalize that use in such a way that if the system copy provides that functionality, the bundled source code is not used, are exempt from the requirement to remove the bundled source code.
16:43:02 * spot apologizes to racor, as that english is admittedly thick.
16:43:12 <Rathann> I'd also add that it should be mentioned in the specfile and must be verified at each update (if you're not deleting in %prep)
16:43:18 <racor> spot: legalize ;)
16:43:30 <spot> racor: guilty as charged. :)
16:44:12 <spot> Rathann: i'm fine with that
16:45:56 <abadger1999> +1
16:48:37 <abadger1999> So It's soemthing like: "Source code for bundled libraries must be deleted in %prep.  Build scripts may need to be patched to deal with this situation.  As an exception if a package bundles a specific subset of third-party source code with the '''sole purpose''' of providing functionality that is not available in the system copy and explicitly conditionalizes that use in such a way that if the system copy provides that functionality, the
16:48:38 <abadger1999> bundled source code is not used they are exempt from the requirement to remove the bundled source code.
16:49:47 <tibbs> Aargh, I got called away.
16:49:55 * spot is writing up a proper draft
16:49:56 <kalev> Should the guidelines perhaps mention that it's desireable to patch packages in such manner that the patches could be submitted back upstream?
16:50:00 <tibbs> Not usually in the office on Wednesdays.
16:50:20 <Rathann> kalev: well, dropping support for older versions is up to upstream
16:50:54 <Rathann> (talking about scons case)
16:50:58 <Rathann> but in others, sure
16:51:05 <kalev> I was just talking generally
16:51:06 <Rathann> so in general, yes
16:51:18 <kalev> one of the downsides of removing bundled libraries is that we'll have to carry patches
16:51:33 <abadger1999> kalev: It's the case for everything... but I have noticed that in this area people tend to take the easy way out rather than making patches that are upstreamable.
16:51:33 <Rathann> but we have that general guideline anyway
16:51:33 <kalev> so it makes sense to be able to submit them upstream instead
16:51:44 <abadger1999> It is much harder to do it in an upstream-friendly fashion.
16:51:53 <kalev> abadger1999: yeah, that's what I have noticed too
16:52:09 <spot> https://fedoraproject.org/wiki/PackagingDrafts/Treatment_Of_Bundled_Libraries
16:53:06 <spot> one more exception coming
16:53:33 <Rathann> sounds good to me so far
16:54:46 <tibbs> Talking about "bundled source code" in the second exception sort of makes it sound like it's supposed to be deleted from the source tarball.
16:55:12 <tibbs> Obviously that's explicitly stated earlier.
16:55:27 <tibbs> But people keep being confused by that kind of thing.
16:55:27 <spot> tibbs: yeah, i think the earlier disclaimer should cover that
16:55:28 <limburgher> Right.
16:55:49 <spot> how about i s/remove/delete there?
16:56:11 <spot> maybe even change it to say ... to delete the bundled source code during %prep.
16:56:11 <tibbs> Sure, using the same wording throughout can't hurt.
16:56:22 <Rathann> yep
16:56:33 <limburgher> Consistent and precise is good for everyone.
16:56:52 <spot> okay, change made
16:57:06 <spot> i also added the section on explicit exceptions from FESCo
16:57:37 <tibbs> Does FESCo have some sort of policy on requesting exemptions that we should link to there?
16:57:38 <spot> just to avoid the "but the guidelines say $FOO!" flame war.
16:58:00 * spot has a hard stop at 1
16:58:10 <abadger1999> spot: Link to https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
16:58:27 <kalev> is there already a page with exceptions from FESCo? Maybe a link would be useful here?
16:58:48 <spot> abadger1999: link added
16:58:53 <spot> so, in the remaining 2 minutes
16:58:55 <limburgher> There's supposed to be, with rationale.
16:59:05 <spot> we can either vote or table this until next week
16:59:09 <tibbs> I'll vote +1 on this if we're voting.
16:59:11 <abadger1999> kalev: Yep, that's the page I said to link to.
16:59:13 <abadger1999> +1
16:59:14 <limburgher> +1
16:59:15 <spot> +1
16:59:22 <Rathann> +1
16:59:30 <racor> 0 table it
17:00:13 * spot notes that we're at +5
17:00:22 <abadger1999> racor: Reason to table?  I'm in no hurry but also don't see anything still wrong with it...
17:00:27 <spot> would anyone prefer to table the item, given racor's comment?
17:00:52 <tibbs> I don't see why, but maybe I'm missing something.
17:01:03 <limburgher> racor rationale?
17:01:09 <spot> just to be non-controversial, and because i'm out of time
17:01:13 <spot> i'm tabling this until next week
17:01:20 <abadger1999> Okee dokee.
17:01:26 <Rathann> no problem
17:01:31 <spot> okay, thanks everyone.
17:01:34 <spot> #endmeeting