关联的issue。
在合规SIG例会上针对免责声明存放位置进行了两轮讨论,并形成了两种方案:
方案1 :
在每一个src-openEuler软件包仓中,固定添加独立的、与SPEC文件并列的SPEC免责声明文件。
优点 :方便直观,可通过社区机器人实现建仓自动添加、门禁检查等功能,且不影响下游OSV厂商根据openEuler软件源重新构建软件包。
缺点 :
生成的source RPM包(srpm)不含有该免责声明,如通过解压srpm包获得spec文件,免责声明丢失。
openEuler现在第三方软件包数量8000+,在所有的仓库中添加免责声明文件工作量较大。
若免责声明条款发生变更或改动,改动比较麻烦。
方案2 :
在每一个src-openEuler软件包仓spec文件中,添加独立的免责声明片段。
优点 :1、可随srpm包始终包含免责声明,也可通过社区门禁系统判断spec文件是否添加该声明,使每一个提交软件包的社区贡献者均明确的了解到该免责声明信息;2、可在spec文件中添加一个字段,该字段申明免责条款,内容可以附上免责条款链接,而该链接指向的免责条款内容可以附在openEuler官网上。
缺点 :下游OSV厂商根据openEuler软件源重新构建软件包时,携带openEuler社区的免责声明是否合适。
欢迎大家对这两种方案提出建议,或者是否还有其它方案,欢迎大家参与讨论。
Associated with this issue。
At the regular meeting of compliance SIG, two rounds of discussions were held on the place location of disclaimers, and two solutions were formed:
Solution 1 :
In each src-openEuler software package repository, add a separate SPEC disclaimer file that is parallel to the SPEC file.
Advantages : it is convenient and intuitive. The community robots can be used to automatically add repository,access control check and other functions,and do not affect the downstream OSV vendors to rebuild the software packages based on openEuler software sources.
Disadvantages :
The generated source RPM package (srpm) does not contain the disclaimer. If the spec file is obtained by decompressing the srpm package, the disclaimer is lost.
Now openEuler has 8000+ third-party software packages, and the workload of adding disclaimer files in all repository is large.
If the contents of the disclaimer are changed, the changes will be more troublesome.
Solution 2 :
In each spec file of src- openEuler package repository, add a separate disclaimer fragment.
Advantages : 1. The disclaimer can always be included with the srpm package, and it can also be jueged by the community access control system whether to add the disclaimer to the spec file, so that each community contributor who submits the software package can clearly understand the disclaimer information; 2. Add a field to the spec file, which declare the disclaimer, and the content can be attached with a link to the disclaimer, and the link can be pointed to the openEuler official website.
Disadvantages : when downstream OSV vendors rebuild the software package based on the openEuler software source, whether it is appropriate to have the disclaimer of the openeuler community.
Welcome to make suggestions on these two solutions, or if there are other solutions, please participate in the discus.
Hi smartsyoung, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at
https://gitee.com/openeuler/community/blob/master/en/sig-infrastructure/command.md.
If you have any questions, please contact the SIG: sig-compliance, and any of the maintainers: @king-gao, @genedna, @郑志鹏, @SmartsYoung.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
你好, @虫儿飞 , @wangyueliang ,线下投票可以点击投票结果查看,投票结果是方案二支持者较多,请问对投票结果还有疑问吗?我是否可以关闭此issue?
Hi, @bugflyfly, @wangyueliang, you can click Voting Results to view the offline voting results. The voting result is that there are major supporters for Option 2. Do you have any questions about the voting results? Can I close this issue?
@SmartsYoung 没有疑问,同意按投票结果执行
#I35AEJ:代码仓的spec的免责声明 用该issue 跟踪免责声明的遗留问题
登录 后才可以发表评论