Hi Workstation Working Group, So now that that Council finalized on the 3rd party software proposal in a positive way (https://fedorahosted.org/fesco/ticket/1617) we need to figure out the details on how we want to approach this as a working group. As mentioned in previous discussions and in the concrete proposal there will need to be some kind of procurement process here to ensure we don't drag Fedora and Red Hat into legal troubles.
So let me start by listing what think should be our guiding principles for dealing with 3rd party software.
a) We want the process of inclusion technical bit to be well documented and clear b) We want the process for inclusion in Fedora Workstation to be as transparent as possible.
So for a) I have already asked Richard Hughes to draft up a document including all technical requirements for a 3rd party application to show up in GNOME Software. He made a start of that in this blog entry (https://blogs.gnome.org/hughsie/2016/09/02/fedora-25-and-additional-software...)
My idea is that we build and that and ensure we get an article up on the Fedora Developer Portal with this information and more. Basically I want it to cover every step from source tarball to finished RPM/Flatpak and hosting.
I figure that this will in some sense be the easy step as all items here are already known we just need to pull things together and document them.
for b) things are a bit more of a blank sheet currently my thoughts on this are as follows:
So the process of procuring a new application has a few natural steps. 1) application developer reaching out to us or we reaching out to application developer 2) we discuss the technical requirements of a) with said developer 3) we discuss any legal issues with said developer (sounds scary, but it could just be pointing said developer to a terms of service agreement 4) if developer have already done or is willing to do 2) we decide if we want to include said application in GNOME Software. 5) we include the URL to their repository in our 3rd party repositories package
So one thing I been thinking quite a bit about here is that for many developers whose application could potentially be included might want to be able to have a non-public discussion with us on it first. There could be many reasons for this including not wanting to create a public expectation of something before they finally decided upon doing it to needing to figure out some technical or legal details before committing etc.
So my suggestion is that we as workstation working group members empower ourselves to be able to speak with this companies and people in confidence, but that we make it clear that the final decision to include will be a public one, done as part of the working group meetings. This should hopefully let us balance the need for privacy in initial discussions to having a clear public paper trail to how and when something was agreed to go inn.
We should also develop some kind of inclusion policy document, drawn from the basic guidelines of the Council proposal, to ensure that the inclusion decision is highly predictable.
I will also have another chat with the Red Hat lawyers to figure out the details of what kind of legal vetting etc., we need to do here.
Any other ideas or suggestions for how we proceed here? I assume that no matter what we decide upon we will need to adjust it as we get going and we deal with the real issues that might or might not pop up.
Sincerely, Christian
On Tue, Sep 6, 2016 at 4:10 PM, Christian Schaller cschalle@redhat.com wrote:
Hi Workstation Working Group, So now that that Council finalized on the 3rd party software proposal in a positive way (https://fedorahosted.org/fesco/ticket/1617)
That's the FESCo ticket. The Council ticket is: https://fedorahosted.org/council/ticket/57
we need to figure out the details on how we want to approach this as a working group. As mentioned in previous discussions and in the concrete proposal there will need to be some kind of procurement process here to ensure we don't drag Fedora and Red Hat into legal troubles.
You might want to converse with FESCo as well. They are currently coming up with text to their third party repository page so that it doesn't conflict with the Council direction. At the moment, the draft text[1] requires repositories to be approved by Fedora Legal and FESCo.
[1] https://fedorahosted.org/fesco/ticket/1617#comment:8
josh
Hi Josh, Ok, I posted on the FeSCO ticket, but I will also try to attend the next FeSCO meeting about the subject. I am a bit surprised FeSCO is assuming it would be their job to approve repos considering the council approved proposal clearly states that the 3rd party repos as a working group issue.
Christian
----- Original Message -----
From: "Josh Boyer" jwboyer@fedoraproject.org To: "Discussions about development for the Fedora desktop" desktop@lists.fedoraproject.org Sent: Tuesday, September 6, 2016 7:28:21 PM Subject: Re: Procedure for dealing with 3rd party applications
On Tue, Sep 6, 2016 at 4:10 PM, Christian Schaller cschalle@redhat.com wrote:
Hi Workstation Working Group, So now that that Council finalized on the 3rd party software proposal in a positive way (https://fedorahosted.org/fesco/ticket/1617)
That's the FESCo ticket. The Council ticket is: https://fedorahosted.org/council/ticket/57
we need to figure out the details on how we want to approach this as a working group. As mentioned in previous discussions and in the concrete proposal there will need to be some kind of procurement process here to ensure we don't drag Fedora and Red Hat into legal troubles.
You might want to converse with FESCo as well. They are currently coming up with text to their third party repository page so that it doesn't conflict with the Council direction. At the moment, the draft text[1] requires repositories to be approved by Fedora Legal and FESCo.
[1] https://fedorahosted.org/fesco/ticket/1617#comment:8
josh
desktop mailing list desktop@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/desktop@lists.fedoraproject.org
On Tue, Sep 06, 2016 at 04:10:14PM -0400, Christian Schaller wrote:
So one thing I been thinking quite a bit about here is that for many developers whose application could potentially be included might want to be able to have a non-public discussion with us on it first. There could be many reasons for this including not wanting to create a public expectation of something before they finally decided upon doing it to needing to figure out some technical or legal details before committing
I really dislike the confidential part and the reasons given for it aren't very convincing. Why do you think this is necessary to achieve the purpose of the 3rd party software policy as set out by the council?
If there's a need to work out legal details in a non-public manner, then confidentiality should be restricted to those legal discussions only.
Why should the fact that the Workstation WG reached out to vendor X (and the accompanying rationale for it) be kept a secret?
I have a hard time seeing any additional secrecy in this process as working towards advancing Fedora's mission. So if it is required at all in specific instances (like possibly with legal), I'd like those to be well-justified. Public communication should be the obvious default.
This is still Fedora after all.
Thanks, Lars
----- Original Message -----
From: "Lars Seipel" lars.seipel@gmail.com To: "Christian Schaller" cschalle@redhat.com Cc: "Discussions about development for the Fedora desktop" desktop@lists.fedoraproject.org Sent: Wednesday, September 7, 2016 4:50:30 PM Subject: Re: Procedure for dealing with 3rd party applications
On Tue, Sep 06, 2016 at 04:10:14PM -0400, Christian Schaller wrote:
So one thing I been thinking quite a bit about here is that for many developers whose application could potentially be included might want to be able to have a non-public discussion with us on it first. There could be many reasons for this including not wanting to create a public expectation of something before they finally decided upon doing it to needing to figure out some technical or legal details before committing
I really dislike the confidential part and the reasons given for it aren't very convincing. Why do you think this is necessary to achieve the purpose of the 3rd party software policy as set out by the council?
If there's a need to work out legal details in a non-public manner, then confidentiality should be restricted to those legal discussions only.
Why should the fact that the Workstation WG reached out to vendor X (and the accompanying rationale for it) be kept a secret?
I have a hard time seeing any additional secrecy in this process as working towards advancing Fedora's mission. So if it is required at all in specific instances (like possibly with legal), I'd like those to be well-justified. Public communication should be the obvious default.
This is still Fedora after all.
Ok, good question. And my answer is that this is a sensitive issue for both sides and we don't necessarily want to scare someone away or alienate them in the name of marginal extra openness.
Having a public negative discussion of a person or company is probably the worst thing we could do to ourselves here, because no matter how justified that might be in a given case it is very likely to scare away anyone else from even wanting to talk with us. Nobody wants their name dragged through the mud.
This of course means that the working group members are in practice only going to reach out to people or companies that we expect to be approved without much disagreement.
Another point worth making here is that the amount of applications where this would be relevant is quite limited. Just make yourself a quick mental list of potential people or companies and it is doubtful you even reach 10. Longer term there might be more as we look at offering more flatpaks, but for the near term future there is a very limited number of apps I think we can even imagine looking at.
It could also be potentially bad PR for us, because as soon as we announce names people start building expectations, like AppX will be available for download in Fedora. If we have a lot of those not coming through for reasons ranging from vendor disinterest to technical issues to legal issues it generates negative noise around the project.
So what I am saying is that we are probably better of only making this a formal issue once there is a formal issue to be had, meaning that if I for instance reach out to a vendor and they say thanks but no thanks then it is just as good that that never becomes an official Fedora question at all.
It is also worth noting that the 3rd party policy we want is objective in the sense that the criteria for inclusion is pretty clear. So the discussions we will have is if a proposed application qualifies the criteria, not subjective matters like 'Company X are shitheads' or 'an IDE for Pascal is a waste of time'. Which means that there is nothing being kept secret for any sinister reasons simply because nobody would even bother pursuing this if they are not convinced the application in question passes those objective criteria as opposed to a political process.
Christian
On Thu, 2016-09-08 at 10:59 -0400, Christian Schaller wrote:
So what I am saying is that we are probably better of only making this a formal issue once there is a formal issue to be had, meaning that if I for instance reach out to a vendor and they say thanks but no thanks then it is just as good that that never becomes an official Fedora question at all.
The only issue with that is that if nobody knows you reached out to a vendor and they declined, others might continue reaching out to the same vendor again and again, maybe with less discretion and annoying the vendor, which isn't good either.
So it could be useful to still make it public that an app/vendor won't get in Fedora through this means. However the difficulty becomes to not do that in a way that it becomes a « wall of shame ».
-- Mathieu
Yeah, I been pondering the issue of tracking here too, on the other hand as I said in another email my thinking is that there are so few vendors we would realistically deal with anyway that we could probably handle that through just informal coordination. So if a working group member wants to reach out to someone he/she knows who has been doing it so far so that they can just quickly ping and ask 'hey have you spoken to these people already'.
Christian
----- Original Message -----
From: "Mathieu Bridon" bochecha@daitauha.fr To: "Discussions about development for the Fedora desktop" desktop@lists.fedoraproject.org Sent: Friday, September 9, 2016 3:56:35 AM Subject: Re: Procedure for dealing with 3rd party applications
On Thu, 2016-09-08 at 10:59 -0400, Christian Schaller wrote:
So what I am saying is that we are probably better of only making this a formal issue once there is a formal issue to be had, meaning that if I for instance reach out to a vendor and they say thanks but no thanks then it is just as good that that never becomes an official Fedora question at all.
The only issue with that is that if nobody knows you reached out to a vendor and they declined, others might continue reaching out to the same vendor again and again, maybe with less discretion and annoying the vendor, which isn't good either.
So it could be useful to still make it public that an app/vendor won't get in Fedora through this means. However the difficulty becomes to not do that in a way that it becomes a « wall of shame ».
-- Mathieu -- desktop mailing list desktop@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/desktop@lists.fedoraproject.org
On Fri, 2016-09-09 at 14:03 -0400, Christian Schaller wrote:
Yeah, I been pondering the issue of tracking here too, on the other hand as I said in another email my thinking is that there are so few vendors we would realistically deal with anyway that we could probably handle that through just informal coordination. So if a working group member wants to reach out to someone
What about non WG members?
Linux users tend to be very enthusiastic, so I wouldn't be surprised if one of us one day contacts their favourite vendor to ask them for inclusion in Fedora.
Someone from the WG might already have contacted this vendor in private, and they had declined.
And given that their are very few vendors, I could imagine lots of us contacting the same vendor over and over again, simply because nobody knows the WG had already contacted them.
You can't assume that only WG members will try to contact vendor about inclusion in their favourite OS.
On Fri, Sep 9, 2016 at 4:42 PM, Mathieu Bridon bochecha@daitauha.fr wrote:
On Fri, 2016-09-09 at 14:03 -0400, Christian Schaller wrote:
Yeah, I been pondering the issue of tracking here too, on the other hand as I said in another email my thinking is that there are so few vendors we would realistically deal with anyway that we could probably handle that through just informal coordination. So if a working group member wants to reach out to someone
What about non WG members?
Linux users tend to be very enthusiastic, so I wouldn't be surprised if one of us one day contacts their favourite vendor to ask them for inclusion in Fedora.
Someone from the WG might already have contacted this vendor in private, and they had declined.
And given that their are very few vendors, I could imagine lots of us contacting the same vendor over and over again, simply because nobody knows the WG had already contacted them.
You can't assume that only WG members will try to contact vendor about inclusion in their favourite OS.
This happens today already. The proposal as it is doesn't change that.
The best one can do is keep a list of already contacted vendors and hope someone actually reads it. Anecdotal evidence suggests that it will be read for a short period of time, assumed to be stale after that, and the problem will persist.
I would strongly encourage everyone to not over-engineer a process to cover all possible cases here. It's not going to help.
josh
On Wed, Sep 07, 2016 at 10:50:30PM +0200, Lars Seipel wrote:
On Tue, Sep 06, 2016 at 04:10:14PM -0400, Christian Schaller wrote:
So one thing I been thinking quite a bit about here is that for many developers whose application could potentially be included might want to be able to have a non-public discussion with us on it first. There could be many reasons for this including not wanting to create a public expectation of something before they finally decided upon doing it to needing to figure out some technical or legal details before committing
I really dislike the confidential part and the reasons given for it aren't very convincing. Why do you think this is necessary to achieve the purpose of the 3rd party software policy as set out by the council?
[...]
Christian didn't say it was necessary in all cases, he said there are developers for whom it might be, and clearly stated one reason why. A process which sets up a third party developer for embarrassment or abuse isn't a good one, especially when we're trying to build mutually positive relationships.
desktop@lists.fedoraproject.org
-
Christian Schaller -
Josh Boyer -
Lars Seipel -
Mathieu Bridon -
Paul W. Frields