On 2/21/19 8:22 PM, Japheth Cleaver wrote:
On 2/20/2019 7:29 AM, Panu Matilainen wrote:
> On 2/20/19 5:19 PM, Sérgio Basto wrote:
>> On Wed, 2019-02-20 at 11:46 +0100, Dridi Boukelmoune wrote:
>>> No, that was a bad joke from my end, what I need is proper apt in
>>> Fedora to use sbuild.
>>
>> If you also do the review-request for apt [1] it would be great
>> dh-python also welcomed :) [2]
>> The problem is apt is in use by apt-rpm and was not retired yet , we
>> need use another name , my propose is apt-debian .
>
> Just FWIW, the fact that apt-rpm is still in Fedora is against the
> direct recommendation of the last upstream maintainer (as in, me).
>
> It's been dead for ten years and is totally useless in todays Fedora
> with rich dependencies and all. Short of somebody stepping up to
> revive the upstream project, the only responsible action would be
> retiring it.
That may be the case for *Fedora*, but plenty of RPM-based distros don't
use rich dependencies (optionally: yet), and .spec-writers may chose to
avoid using them for maximal compatibility. That's not itself a reason
to write it off.
Shipping dysfunctional software gives an impression of bad quality. But
that's merely an image issue.
The real problem is (and I shouldn't have to spell it out on a devel
list really) that this is software that accesses network, requires root
to run and cannot even be contained by SELinux and the like because it
by it's nature requires unlimited permissions. Said software is
unmaintained for years and has any number of security vulnerabilities,
some even known, that nobody is fixing. Those who can build the software
by themselves from the source for their own specific needs can be
expected to asses and deal with the risks involved, but shipping such
software in a distro is just irresponsible.
- Panu -