[ACTION REQUIRED] Retiring packages for F-17

Adam Williamson awilliam at redhat.com
Thu Jan 19 23:30:50 UTC 2012


On Sat, 2012-01-14 at 19:12 +0100, Kevin Kofler wrote:
> Kevin Fenzi wrote:
> > Keeping packages around with no maintainers or people handling their
> > bugs is poor for everyone.
> 
> Why? If I, as a user, really need a certain piece of software, I'd rather 
> have an unmaintained package than none at all! Worst case, I can't use the 
> package at all, in which case I'm still no worse off than with no package at 
> all!

I disagree. The existence of a package triggers certain assumptions: the
package will be maintained and keep working. That's the point of there
*being* a package, after all. So if there's a package for something, I
don't check for security updates for that 'something' myself. I figure
the packager is doing that for me.

So if I wind up with an unmaintained package installed, my security has
just been reduced.

>  (And now with my packager hat on, fixing and/or updating a package in 
> the repo also requires less effort than unretiring a package which got 
> removed.)

This is an important point: I think it would be much less of a problem
to retire packages if the process for unretiring them were not so
painful. I _do_ think the unretiring process is an excellent example of
unnecessary bureaucracy (as is the renaming process, good lord, what a
PITA). Those two things could stand to be trimmed down. At least to 'if
you're a provenpackager (or even just a sponsored packager) you can
unretire a package without any obstacles'.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net



More information about the devel mailing list