On 01/21/2014 01:40 PM, Fons Adriaensen wrote:
Exactly. "Releasing source code is not enough". Again exactly.
If you want downstream maintainers/packagers to do the hard work in
producing trusted binaries so that you will never get an email about why
won't this build again, there's a few things you can do:
- be a absolutely clear in your licensing. the upstream author of this
plugin sent me an email and said I can use this code is not good enough
- don't bundle libraries. It's lazy and its insecure insecure. If
upstream has a major problem with you - fork it. Look at ntk for an example.
- become a package maintainer, you are doing all the hard work anyway
kxStudio would be great in Fedora ;)
If people don't know how to find devel packages then they shouldn't be
compiling software. The fact that the need to is a mistake.
I really recommend that people should really petition their distros
first before trying to build the latest release themselves. Encourage
users to file bugs to both distro and/or maintainer. More often than not
the downstream packager does not even realize a new version exists. I'm
maintaining >100 Fedora audio packages and it is hard to keep up.
Linux-audio-dev mailing list