On Tue, Jun 16, 2020 at 12:25 PM Kevin Kofler <kevin.kofler(a)chello.at>
Kamil Paral wrote:
> I'll not talk about implementation, there are more suitable people for
> that here. But I'll voice my opinion that automatically retiring software
> from Fedora users' computers is a sane and proper thing to do. If a
> package is removed from Fedora, it should also be removed from users
> computers (during FN+1 upgrade). Of course, we should allow users to keep
> it, if they want it. But the default process should happen automatically,
> and users should opt-out of automatic retiring, instead of opt-in. Only
> this way we can build a secure and reliable operating system.
> If only power users can opt-out from retiring a package (e.g. by editing
> dnf.conf), I don't think that's a problem. Because even though general
> users will of course be unhappy when an application they use get
> permanently removed during system upgrade, they will be even more unhappy
> when their system suddenly breaks in the future, either by unresolved
> dependencies, or when the retired app/library causes the system to not
> boot or breaks the desktop, because nobody at that points expects and
> tests those software interactions. A general user can resolve a missing
> app, but they can't resolve a broken OS. If they want to deviate from the
> system we provide, it's reasonable to ask them to have certain technical
> knowledge, instead of allowing them to shoot themselves in the foot (even
> unknowingly, by not doing automatic retirement).
I cannot agree with these statements. I think removing working software
You can't say whether it's working, because it has been retired in Fedora,
it has no maintainer, no testing, no security updates or bug fixes.
users' systems is not something we should ever do. I see it as
incompatible with our "Freedom" principle (what happened to Freedom 0, the
right to run the software?),
Your freedom is unchanged, you can still do whatever you want with your
system. You can opt out of any process and behavior in Fedora, because full
sources are available. And not only that, we will have a way for power
users to easily opt-out. We might even have a way for general users to
opt-out, if we go the extra mile (but the extra mile is not necessary for
the purpose of this proposal, in my eyes).
and also with "Features" (as removing an
application obviously removes its features).
That principle doesn't say that no features will ever be removed.
And it surely will not make you
any "Friends" either.
Nor will broken systems or systems infected by malware because of security
flaws. The user has freedom to ignore any of our workflows, but the
defaults should be well-maintained and safe.
I'd like Fedora systems to be transparent and honest. If some packages need
to be removed, tell me about it, and ideally also tell me why (e.g. no
longer maintained). If possible, tell me how to avoid it temporarily (it
might be months or years, but unmaintained software will break one day
unexpectedly), but be clear about the consequences. For general users, this
information might involve just "important" packages (not libraries etc) -
we don't do this well at present.
This approach beats "never ever removing anything, at any cost", at least