#1587 Policy regarding packaging when upstream has chosen inappropriate name for package
Closed None Opened 7 years ago by mulhern.

= phenomenon =

There are lots (> 50000) of upstream packages packaged for Fedora. Human nature being what it is, there are going to be occasions when the name of the package has been chosen, deliberately, for, e.g., the particular meaning of a word which is strongly associated with harassment of a particular group.

= reason =

Human nature, I guess.

= recommendation =

This is difficult. Here are some points:

  1. Ideally, FESCO should not be in the position of policing package names. The only reason for this statement is that the job is a pain, and requires getting into the contentious debate over what is inappropriate and what is not. All these objections also apply to the policing of behavior at conferences, and yet many conference committees believe that it is necessary to take on this thankless task. So, there is no essential reason why FESCO shouldn't consider it its obligation to do this policing, but there are good reasons to avoid it if possible.

  2. Publicly stated intent should matter. English is a big language and many words have many meanings. An accidental coincidence of a package name with an inappropriate name is not the same as the deliberate choice of an inappropriate name.

  3. The names of existing packages should not be viewed as some sort of legal precedent, justifying the names of all subsequent packages.

  4. It would be bad for FESCO to find itself in the position where it seems to be saying, e.g.,
    "misogynist names are A-OK with us, but racism is not allowed" (or vice-versa). This relates to point (1).

  5. It is unreasonable to expect that the appropriateness of the name and the quality of the software are necessarily going to be in a direct relationship. In other words, reasonably useful software with an inappropriate name is far from impossible.

  6. Most likely, it is technically infeasible to change all but the most superficial aspects of a library with an inappropriate name. That is, you could give the package a different name, but the library itself would retain its name, because other libraries or applications would depend on that name, and so on.

One possible recommendation:

FESCO could choose to recommend that FPC state unambiguously that the name of the Fedora package must be the same, modulo other naming constraints, as the name of the upstream package. It could also state clearly that this does not imply an endorsement of the name. This would show lack of selective hatefulness in Fedora, although not in the community at large from which these upstream packages are taken (see 4), while at the same time explicitly acknowledging that some names are inappropriate. (I think it is self-evident that words that are routinely used for harassment of some group of individuals by another group are not good names to deliberately choose for packages.)

It should be possible for a Fedora packager to expressly disavow the choice of name of the package they are packaging in a way that is attached to the package itself, i.e., it should be visible via "dnf info", or some such thing. This should be visibly recommended in FPC guidelines and should ideally have a standard form.
The idea that if you don't like the name just don't package it won't really fly; if it is packageable somebody else, with perhaps fewer scruples than yourself, will go ahead and package it and then you will not have the option even to express your regret that the writers of this useful package chose this offensive name. Failure to explicitly disavow an offensive package name will then become a statement in itself, of acceptance or approval. A packager has a bunch of responsibilities already, this is just one more, and not on average the biggest, because most package names were never intended to be offensive, and don't look like they were.

The bz that got this all started: https://bugzilla.redhat.com/show_bug.cgi?id=1343734.


I've been following this a bit on the FPC list. First, thank you mulhern for the very complete summary. That is helpful.

So, I don't think we really want FESCo to become ''too'' responsible for policing terminology, particularly if we start becoming responsible for determining '''intent''' of a packaging name. That said, I think a blanket statement of "the Fedora package must be the same, modulo other naming constraints, as the name of the upstream package" isn't quite strong enough. However, I think building a specific mechanism to publicly and loudly "disavow" the upstream package name is a bit overkill (and will lend itself to unnecessary criticism and uninformed screams of censorship).

I would be all in favor of strongly encouraging that when an offensive package name appears that the packager should be allowed (without any sort of particular permission) to package it with a different package (and subpackage) name. I don't think the reasoning needs to be visible in dnf info so much as just ensuring that the package has {{{Provides: originalname}}} so that attempts to install it will cause it to be pulled in. The packager '''must''' however include a comment in the spec file explaining that the name is changed from upstream because the packager feels it is inappropriate. This would be a useful cue to future maintainers of the package as well as to the package reviewer.

Between the file-level conflicts and the {{{Provides:}}}, there should be no reason that someone else would then attempt to package the other version.

FESCo folks: consider the above to be a long-winded proposal to vote on. If someone wants to cut it down to a sound-bite, be my guest.

I'm the requester for the above linked package review request.

From my point of view, with this ticket we're encouraged to make an effort at upstream to rename its release tarball. How to achieve that?

The guidelines passage ¹ in question, in its current state, seems to be:

''You can take some cues from the name of the upstream tarball, the project name from which this software came, and the name which has been used for this package by other distributions/packagers in the past. You can also request guidance from the upstream developers. Do not just blindly follow those examples, however, as package names should strive to be consistent within Fedora more than consistent between distributions.''

All in all, I don't see much benefit in renaming a package but using the upstream tarball with its (obviously offensive) name anyways. Besides, and in our specific case, the file name of the source tarball is additionally written in uppercase, which means another offense, but that's forbidden in our guidelines anyways. Maybe we can follow the other guidelines passage ² for forbidden characters:

''Accordingly, when the upstream name is outside of the specified ASCII character set, the Fedora package maintainer should first contact the upstream for that software and ask them for a transliteration of the name for Fedora to use.''

''If (and only if) the upstream is unable, unwilling, or unavailable to provide a transliterated name, the Fedora packager must choose to either perform their own transliteration, or withdraw the package from consideration in Fedora.''

''When deciding how to transliterate a package name, the Fedora packager should look to see what (if any) other distributions have done for that package's name, and take that into account.''

I checked Debian and ArchLinux, both also use the (offensive) name of upstream!

¹ https://fedoraproject.org/wiki/Packaging:NamingGuidelines#General_Naming

² https://fedoraproject.org/wiki/Packaging:NamingGuidelines#When_Upstream_Naming_is_outside_of_the_specified_character_set

I would like to amend point (3) to be somewhat more broad.

  1. The names of existing packages in Fedora or any other distribution should not be viewed as some sort of legal precedent, justifying the names of all subsequent Fedora packages.

I agree that considering intent for this policy question may not be helpful. (This is not to say that intent is not an important consideration when making all sorts of judgements, but just that it may be simpler to leave it out of the policy discussion.)

Can a Fedora package name be retired in favor of a new package name? I'm considering the situation where packager B takes over from packager A and decides that they would prefer to make use of your suggested renaming option, but packager A had not done so.

Replying to [comment:6 mulhern]:

Can a Fedora package name be retired in favor of a new package name?

https://fedoraproject.org/wiki/Package_Renaming_Process

tl;dr Yes, but it has to go through the review process again.

I think that the mechanism sgallagh has suggested seems reasonably simple and workable. As raphgro has pointed out, it is not as strong as, for example, prohibiting the package; but for the reasons I stated above, I think prohibiting the package is impractical.

It allows both oversight by reviewer and reversal of a previous decision, which is good. With "Provides" and so forth in place, it should more or less just work. Renaming might be kind of onerous, since it involves the retiring process, but that shouldn't have to happen that often.

It leaves it up to the packager and reviewer, and any other subsequent packager, which allows it to be somewhat self-regulating as opposed to regulated.

Supposing this proposal were voted on and accepted, would it change any documentation anywhere, either FESCo or FPC?

I do not see liboobs as any different to the libass, libsexy or the three packages with f$$k in the name. I do not think it is our place to be the naming police.

Replying to [comment:9 ausil]:

I do not see liboobs as any different to the libass, libsexy or the three packages with f$$k in the name. I do not think it is our place to be the naming police.

Please see original post, in which I address these points.

  • 1587 - Policy regarding packaging when upstream has chosen
    inappropriate name for package (sgallagh, 16:20:15)
  • Proposal did not gather sufficient support from present members (+3,
    3, 0) (sgallagh, 16:37:51)
  • The existing naming guidelines provide some leeway for the choosing
    of the name. It is recommended to remain close to upstream, but
    this is not required. (sgallagh, 16:38:27)
  • ACTION: tibbs|w to look into a clarifying statement (sgallagh,
    16:45:18)

I have the following concerns with regard to this ticket.

I. One concern is that FESCo/FPC do not become the occasional naming police. I believe that upstream is already engaging in selective self-censorship; I suspect that you would find that there are more misogynist joke names than there are anti-Islamic joke names or death-threat joke names for packages. I won't speculate why here. If FESCo/FPC is going to take the stance that it is not going to censor names, then it should (1) admit that it understands that some names are objectionable to real people in their community (not just to overly-sensitive objects of ridicule), and (2) clearly state that it is not on that basis going to censor any name, whatsoever. And then stick with point (2) whatever package names it gets presented with.

II. The second is that if there is an option to take some action, then packagers don't take refuge in saying "FESCo/FPC made me do it". If that option is there then it is the individual packager's choice what they do and it is their responsibility to make that choice.

My original idea was to make it mandatory to make the package name the same as upstream. That handles point (I) pretty well, since if that is the FESCo/FPC rule, then its own rule prevents it from becoming the selective naming police. The second part, where the packager can add their objections to the description, was to allow packagers freedom to address the problem of names that they find objectionable and give them personal responsibility for their choice. However, I think that sgallagh's suggestion for the mechanism is an improvement over my suggestion.

Unfortunately, I get the feeling from reading the minutes, that point (I), which is just as important as point (II) if not more so, was more or less overlooked and that point (II) was not really fully understood.

I wasn't at the meeting to clarify because the FESCo home page stated that meetings are on Wednesdays. I know better now.

Just to keep FESCo up to date:

I filed, and FPC has accepted, a ticket to define and clean up language relating to MUST and SHOULD in the packaging guidelines:
https://fedorahosted.org/fpc/ticket/633

So I will be working on that, and after adding the definitions I'll do the naming guidelines immediately.

I'll leave it up to FESCo to decide if this is a sufficient solution to the issue.

AGREED: close ticket #1587 (+1: 7, 0: 0, -1: 0)

We'll let FPC continue with fixing guidelines, please raise new conflicts to FPC (guidelines) or ultimately to FESCo for resolution as per usual.
