-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 13 Feb 2014 11:26:54 -0500
Richard Fontana <rfontana(a)redhat.com> wrote:
On Tue, Feb 11, 2014 at 06:52:01AM -0600, Dennis Gilmore wrote:
> 2) cloud WG wants to be able to produce updates images, what are our
> requirements to ensuring source compliance with the GPL?
> Today the sources for livecds and appliance images are only in the
> source tree and not separated out. if we do updates images some
> sources will be in the base source tree and some in updates,
> however the updates sources will go away if the package gets
> another update. the only single source where we could point people
> at is koji.
I'm trying to understand the possible concern - why would pointing
people at koji not be good enough?
If ponting people at koji is good enough that's okay. The images will be
made available somewhere on the download server and via mirrors say
but to get the sources you would need to either go to koji where only
unsigned copies are easily available sometimes the only copy available.
We do clean up the signed copy of older updates, we keep the signature
header and can reattach it if needed. or you need to look through the
Base release or updates source trees where the signed copy of the rpm
will be available. With knowledge you can always get the source from
My concern is over how easily do we need to make the source
available? does the source need to be available in the same location as
do I need to have a source tree at
/pub/fedora/linux/releases/21/Update1/SRPMS/ for instance to match
above do we need to add a README.Sources or similar file that points
the user to where to get the sources or do we not need to do anything?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----