[moving to fedora-mono]
Hi Christopher, Hi All,
On 12/13/2009 12:16 PM, Christopher Brown wrote:
>> The whole business of not shipping code-signing keys is a little
>> contrary to open source. I think this is something that GPLv3 would
>> prohibit. We should use a single well-known signing key for any package
>> that we don't have the keys for, I think.
>
> You're right.
>
> This has already been resolved in devel by added mono.snk to the
> mono-devel package. I'm just waiting on commit access to make the
> required changes to F-11 and F-12 unless someone else wants to do it.
I'm currently preparing an update of mono for F12 to the new upstream
bugfix release 2.4.3.
I would volunteer to add mono.snk as well.
However, I have two questions:
1. I've seen that you've uploaded mono.snk to the lookaside cache, but
it is currently also checked in into CVS. Where should it finally reside?
2. Using a static key for all updates of a certain mono package which does
not provide one itself will result in the problem, that our package will
make promises about ABI stability which may not be true. Although the
package/library may have an ABI change, it won't look like this.
Would it be acceptable just to push out e.g. such a library with all other
packages which depend on it or would it make sense to reflect ABI changes
then in the Requires of the packages so that a specific version (or
greater) of the library will be enforced?
@Christopher: If you like you can subscribe to fedora-mono, probably the
list can be revived... ;-)
Best regards,
Christian