Third-Party Software in Fedora Workstation
Fedora Workstation currently makes available a wide range of software packaged for Fedora by the Fedora community. To broaden the selection of available software, and allow upstream developers more control of software offered to their users on Fedora, we want to make it easier to find and enable the use of third-party software under Fedora. Third-party software in this context is any software not hosted on Fedora's infrastructure.
The initial setup for this feature is based around RPMs and yum respositories. However, as we move towards application bundles and sandboxed applications in the long term, we expect most third-party applications to be using those delivery methods instead of RPM packages.
The current implementation requires yum .repo files for any searchable third-party respository to be available on the system. The repositories are disabled by default. With these disabled .repo files, GNOME Software can search the repositories for metadata and display them in search results. If a user chooses software from a third-party source, he is asked explicitly if he wants to enable the third-party repository. The dialog indicates clearly that Fedora does not supply, promise support for, or guarantee third-party software. There is a default upstream message, but we can replace it in the Fedora package with custom text tailored to Fedora and approved by the appropriate body.
The third-party repositories need to be a curated list, to avoid including material that creates an undue legal liability for Fedora and Red Hat. That said, this list should not be seen as an official Fedora recommendation or approval. Therefore we need to establish objective criteria for what can go on it. We also need to work with Fedora Legal to create guidelines for what material can be simply added, and what material needs further legal review before addition.
To get some experience and hash out technical details, we will start with four pilot applications in Fedora 22: Chrome, Steam, PyCharm and OpenH264. They represent a range of options in terms of licensing and distribution, and thus should be useful for figuring out how things work from both technical and procedual viewpoints.
The current dialogs look like this:
How is this different from previous proposals?
One major change is that this proposal is concrete, including screenshots to showcase the process. Combined with adding notification for these third-party applications to clearly distinguish between software built and packaged by Fedora which follows all of our rules and guidelines, and software provided by third parties which do not necessarily adhere the same way.