On Mon, Jun 15, 2020 at 9:50 PM Ben Cotton <bcotton@redhat.com> wrote:

== Summary ==
All retired packages are obsoleted by `fedora-retired-packages`.

I'll not talk about implementation, there are more suitable people for that here. But I'll voice my opinion that automatically retiring software from Fedora users' computers is a sane and proper thing to do. If a package is removed from Fedora, it should also be removed from users computers (during FN+1 upgrade). Of course, we should allow users to keep it, if they want it. But the default process should happen automatically, and users should opt-out of automatic retiring, instead of opt-in. Only this way we can build a secure and reliable operating system.

If only power users can opt-out from retiring a package (e.g. by editing dnf.conf), I don't think that's a problem. Because even though general users will of course be unhappy when an application they use get permanently removed during system upgrade, they will be even more unhappy when their system suddenly breaks in the future, either by unresolved dependencies, or when the retired app/library causes the system to not boot or breaks the desktop, because nobody at that points expects and tests those software interactions. A general user can resolve a missing app, but they can't resolve a broken OS. If they want to deviate from the system we provide, it's reasonable to ask them to have certain technical knowledge, instead of allowing them to shoot themselves in the foot (even unknowingly, by not doing automatic retirement).

So on this level (and ignoring implementation), I'm in favor of this proposal - make it automatic and allow opt-out (targeting just power users for opt-out is fine).