updates in stable branches introducing new dependencies

Hello, does anyone else beside me think it's not OK to introduce new dependencies without any explanation in package updates released to stable Fedora branches? Arguably, the current stable updates policy is against this https://fedoraproject.org/wiki/Updates_Policy#Stable_Releases : [...] Updates should aim to fix bugs, and not introduce features, [...] This is happening regularly and FESCo mostly ignored the issue when I raised it (https://pagure.io/fesco/issue/1682). Sadly, this is still happening, and the reason for this particular e-mail is the httpd update httpd-2.4.33-2: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6744ca470d https://bodhi.fedoraproject.org/updates/FEDORA-2018-375e3244b6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-22b25bab31 It was pushed as a security update, but nowhere does it say why mod_brotli is now enabled and that brotli is a new dependency. https://www.apache.org/dist/httpd/CHANGES_2.4.33 doesn't say anything about brotli, either. It was actually added (upstream) in 2.4.26: https://www.apache.org/dist/httpd/CHANGES_2.4 [...] Changes with Apache 2.4.26 [...] *) mod_brotli: Add a new module for dynamic Brotli (RFC 7932) compression. [Evgeny Kotkov] [...] but Fedora maintainer waited until 2.4.29 to enable it: https://src.fedoraproject.org/rpms/httpd/c/95a0c9518b8a5659e7ba07aad0bcc3... and gave no explanation for doing it. I filed a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1564699 but the maintainer refused to even comment on the merits and closed it without any reasonable explanation. I find his response not excellent. Is this a legitimate issue or am I making storm in a teacup here? Ever-increasing package sizes and dependency bloat do seem to be a popular topic these days. Regards, Dominik -- Fedora https://getfedora.org | RPMFusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan