📝 docs(project): Add context for nonfree blobs and bundled dependencies

This commit addresses feedback from @mattia about the Upstream First
principle and why we do this in Fedora. Changes summarized below:

* Added "Non-Free Blobs" to Downstream Reasons: Incorporated the point
  about patching out non-free or pre-built blobs as a reason for
  downstream patches in the "When Downstream Changes Happen" section.

* Added "Avoiding Bundled Dependencies" Example: Included an example in
  the "Examples in Action" section illustrating how Fedora avoids
  bundling dependencies to ensure consistency, security, and
  compatibility.

Signed-off-by: Justin W. Wheeler <jwf@redhat.com>
Justin W. Wheeler 2025-02-18 11:31:30 -05:00
parent 73112bf569
commit 013a145f9e
No known key found for this signature in database
GPG key ID: 7748B15FA8FA4C7E


@ -60,6 +60,10 @@ Reasons for downstream patches include:
* *Distribution-Specific Needs*:
Fedora, and its downstream distributions like EPEL, may have unique requirements or constraints that necessitate downstream modifications.
These needs might relate to specific hardware support, security considerations, or integration with other Fedora components.
* *Non-Free Blobs*:
Fedora is committed to promoting free and open source software and building everything from source.
Sometimes, upstream projects include non-free or pre-built binary blobs that Fedora needs to patch out to adhere to our principles.
While Fedora may discuss potential fixes with upstream, these patches might not always be accepted if there are no suitable alternatives or if they remove functionality.
In these situations, Fedora strives to minimize the scope and duration of downstream patches, and continues to work towards upstreaming changes whenever feasible.
Understanding the reasons for downstream changes is essential for maintaining transparency and trust within the community.
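Review bot: The new item is titled "Non-Free Blobs", but its body covers "non-free or pre-built binary blobs", which are two different cases: a pre-built blob can be freely licensed and still conflict with "building everything from source". Consider retitling the item (for example "Non-Free or Pre-Built Blobs") or giving each case its own sentence, so readers do not take the rule to be about licensing alone. Two smaller points: the item switches from third person ("Fedora is committed") to first person ("our principles"), and the unchanged line "In these situations, Fedora strives to minimize the scope and duration of downstream patches" now directly follows a sentence saying these patches might not be accepted upstream, so it may be worth stating that blob-removal patches can be long-lived.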
@ -97,6 +101,10 @@ Here are a couple of examples:
A Fedora packager discovers licensing issues with an open source project, such as unclear or non-compliant licenses for included assets.
Instead of simply excluding the project from Fedora, they work with the upstream developers to clarify or correct the licenses.
This ensures that the project can be included in Fedora and benefits the broader open source community by promoting license compliance.
* *Avoiding Bundled Dependencies*:
A Fedora packager notices that an upstream project bundles a specific version of a dependency.
Instead of using the bundled dependency, they repackage the project to use the system-wide version of the dependency.
This ensures consistency across Fedora packages, enables rapid security patch deployment, and maintains compatibility between interdependent packages.
These examples illustrate how upstream first fosters collaboration, shared ownership, and continuous improvement within the open source ecosystem.
We encourage you to share your own examples of upstream first contributions to this list.
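Review bot: The "Avoiding Bundled Dependencies" example describes a purely downstream action ("they repackage the project to use the system-wide version of the dependency") with no upstream step, yet the closing line says "These examples illustrate how upstream first fosters collaboration". The preceding licensing example has the packager working with upstream developers; this one should do the same, for instance by adding a sentence about proposing a build option upstream that lets the project use the system copy of the dependency. It would also help to say why unbundling "enables rapid security patch deployment": a fix to the system-wide package reaches every package that depends on it, whereas a bundled copy must be patched separately in each project that carries it.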