On Wed, May 31, 2023 at 12:50 PM Vitaly Zaitsev via devel
<devel(a)lists.fedoraproject.org> wrote:
On 31/05/2023 15:44, Gerd Hoffmann wrote:
> We do similar things in other cases, see for example shim-unsigned.rpm +
> shim.rpm
Shim is a special case:
1. Shim need to be signed by Microsoft on their own infrastructure and
this signature will be built directly into PE file.
2. Shim runs on UEFI, so it can use exception for firmware.
> The prebuilt RPMs are compiled on Fedora infrastructure too, so I don't
> see how that violates the 'build from source' requirement.
If the package uses prebuilt blobs (their origin is irrelevant), it
violates current Fedora packaging guidelines.
To be clear, "current Fedora packaging guidelines" are not set in
stone. The existence of this Change implies that it would result in
the alteration of those guidelines. You keep using the existing
guidelines as a supporting argument that this should not be allowed.
If we can't change rules because the current rules exist... How do we
proceed at all?