[ACTION REQUIRED] Retiring packages for F-17

Stephen Gallagher sgallagh at redhat.com
Thu Jan 19 23:50:50 UTC 2012


On Thu, 2012-01-19 at 15:30 -0800, Adam Williamson wrote:
> On Sat, 2012-01-14 at 19:12 +0100, Kevin Kofler wrote:
> > Kevin Fenzi wrote:
> > > Keeping packages around with no maintainers or people handling their
> > > bugs is poor for everyone.
> > 
> > Why? If I, as a user, really need a certain piece of software, I'd rather 
> > have an unmaintained package than none at all! Worst case, I can't use the 
> > package at all, in which case I'm still no worse off than with no package at 
> > all!
> 
> I disagree. The existence of a package triggers certain assumptions: the
> package will be maintained and keep working. That's the point of there
> *being* a package, after all. So if there's a package for something, I
> don't check for security updates for that 'something' myself. I figure
> the packager is doing that for me.
> 
> So if I wind up with an unmaintained package installed, my security has
> just been reduced.
> 

Yes, I agree with this completely. If something is not being maintained
in Fedora, it's better to retire it. Then a user who wants that piece of
software will have two options:
1) They can build it and maintain it themselves on their own system(s)
2) They can choose to build and maintain it for Fedora by unretiring it.

Either way, they will not be given a false sense that the package is
being maintained.

> >  (And now with my packager hat on, fixing and/or updating a package in 
> > the repo also requires less effort than unretiring a package which got 
> > removed.)
> 
> This is an important point: I think it would be much less of a problem
> to retire packages if the process for unretiring them were not so
> painful. I _do_ think the unretiring process is an excellent example of
> unnecessary bureaucracy (as is the renaming process, good lord, what a
> PITA). Those two things could stand to be trimmed down. At least to 'if
> you're a provenpackager (or even just a sponsored packager) you can
> unretire a package without any obstacles'.

If you file a FESCo ticket to change this policy, this approach would
have my support. There's no reason that a package rename or unretirement
should need to go through a full review (although as I said in an
earlier email, the side-effect here is that such things can help curb
specrot).