Matt H wrote:
You mentioned that this project is not a part of Red Hat or the Fedora Steering Committee. However, as this becomes more well-known >
and widely used, will you consider proposing it become part of The > Fedora Project directly; much like The Fedora Docs Project and
similar? Or at least host it at fedora.redhat.com?
This is going to be very very tough to do I think. For the same reasons the tracker might best be hosted outside the US, the tracker might not be able to be incorporated into the official project as hosted and managed by Red Hat. Right now, I'm working under the assumption that incorporating anything similar to this tracker idea into the main fedora project site is not something Red Hat can do without taking on a finite amount of legal risk, due to the DMCA, because of links to 3rd party repositories containing patent and copyright encumbered software that is not legally redistributable in the US. It's not even clear the official site can even link to a tracker due to the DMCA issues without some risk.
Now we can all grumble about how crappy the DMCA is..and make noises about fighting it somehow. It's a crappy situation, and as much as I want to see functionality like this rolled into the red hat hosted fedora site, I'm not going to demand that Red Hat deliberately and knowingly break a US law. If Red Hat or any US individual for that matter wants to commit an act of civil disobedience by breaking a law they don't agree with its their choice to do so, but its not something anyone can demand another person or entity to do. If US citizens on this list want to take on the legal liability and provide mirrors of the tracker, that's their decision, and would make for an interesting example of organized protest but I'm not going to demand that anyone knowingly break a law.
If I were going to demand anything, i would demand that 3rd party repository creators make at least a token effort split the non-US and US redistributable packages into separate repositories. It seems completely irrational to me, to be providing additional packages for a US based Fedora Core, and not making an effort to work around the legal problems that Fedora Core has to live with respect to the DMCA. I don't see ANY search functionality being rolled into the official fedora project site that includes searching for packages that run afoul of US patent or copyright laws. If the official site does gain a package search feature, I highly doubt it will return any information about packages that can't be redistributed in the US. And at this point, that means only a few 3rd party repos could be indexed in such an official way because they do not make an effort to split US and non-US distributable package sets into separate trees.
So moving forward there is a choice to be made by the 3rd party repository community. Do they want to make it easier for the official project to link to them, by taking steps to work inside the non-technical limitations such as the DMCA that the official project must abide by. Or do they want to be completely free to package what they want how they want, paying no heed to the legal constraints FC must live under and thus having to always stay one Google search away from users finding any of your packages. There are pros and cons for both sides of that decision. And more importantly what the widely used end-user community tools will look like will depend on what the consensus is in the 3rd party repo community. There's really no point in trying to build something like this tracker into the main site, if most of the popular 3rd party repos can't be indexed because of the DMCA.
So moving forward there is a choice to be made by the 3rd party repository community. Do they want to make it easier for the official project to link to them, by taking steps to work inside the non-technical limitations such as the DMCA that the official project must abide by. Or do they want to be completely free to package what they want how they want, paying no heed to the legal constraints FC must live under and thus having to always stay one Google search away from users finding any of your packages. There are pros and cons for both sides of that decision. And more importantly what the widely used end-user community tools will look like will depend on what the consensus is in the 3rd party repo community. There's really no point in trying to build something like this tracker into the main site, if most of the popular 3rd party repos can't be indexed because of the DMCA.
This assumes that Tracker is going to be integrated into Fedora.org. As nice an ego-stroke as that would be for me, the very reasons you point out would seem to make keeping it as separate an entity as possible a good idea.
That is, unless developing a codified set of standards that all repositories must meet before being indexed can be deemed both feasible and in the best interest of the distribution.
On the one hand, the more standards and lack of legal liability the better.
On the other, this opens up a whole set of issues, not just of determining an appropriate policy, but of enforcing said policy without making it prohibitively difficult to be indexed. As much as I support the standardization of QA practices etc between repos, Tracker's job is to help bridge the gaps between repos, not throw up barriers to inclusion.
Could the required policy be as simple as requiring a free/non-free split, with Tracker not linking directly to non-free packages? What about repos that don't have any non-free packages? How to tell the difference between that sort of repo and one that has non-free packages, but isn't differentiating?
Are there any admins of third-party Repos on this list to provide opinions on ability/willingness? If nobody gives me a good reason not to at least solicit opinions on such a plan, I can take this part of the discussion to the repo-coord list and get input from there.
Then there's the issue of how much of all this is necessary. I realize that covering one's butt is good and that for a company it's essential. But I must wonder if enough is at stake over linking to mplayer et al to justify implementing and enforcing a major and probably controversial policy over it. Assuming I can procure some kind of official separation between me/my work and Red Hat (short of getting fired=;) it may be best just to move things overseas (assuming that would make a difference), de-link packages if/when the rightful parties ask us to do so and then be done with it.
But I'm butting my head against the IANAL wall here. I'll see to contacting someone more cluefull than myself about all this before actually doing (or deciding not to do) anything.
--Brad
devel@lists.stg.fedoraproject.org