Re: Fedora 33 System-Wide Change proposal: Fedora-Retired-Packages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 16, 2020 at 02:21:27PM +0200, Kamil Paral wrote:
> You can't say whether it's working, because it has been retired in Fedora,
> it has no maintainer, no testing, no security updates or bug fixes.

"Retired" means it has no maintainer willing to fix a package build 
error, nothing more.  It does not imply the package has been tested, or 
is receiving any sort of bug fixes or security updates.

(I can provide counterexamples of "maintained" packages in Fedora that 
 simply *did not work*, for *multiple releases*.  But it packaged 
 cleanly, so it got shipped.)

Only the final user can determine if they need a specific package or 
not.  Indeed, being installed is a pretty good indication that the user 
actually wanted it.  Do they still want it?  Only they can answer that.

Under no circumstances is it okay to remove a package without being VERY 
EXPLICIT that it is being removed due to it blocking an upgrade.

(In the past, and indeed today, this explicit user consent on upgrades 
 is required, in the form of manually removing the offending package or 
 passing --allowerasing on the DNF command line)

> Nor will broken systems or systems infected by malware because of security
> flaws. The user has freedom to ignore any of our workflows, but the
> defaults should be well-maintained and safe.

"Safe" also means "don't do things the user doesn't expect."

Auto-removing software is a *significant* change in user-visible 
behavior, and it's the non-powerusers that will be the ones impacted the 
most.

> I'd like Fedora systems to be transparent and honest. If some packages need
> to be removed, tell me about it, and ideally also tell me why (e.g. no
> longer maintained). 

Not "ideally", "must" -- because you never, never, never remove stuff 
without expliclt user consent, and the user can't meaningfully consent 
if they're not given enough information to make that determination.

This distinction is crucial -- packages being "removed" is not just part 
of every 'dnf system-upgrade' I've ever done, but also nearly every 
routine 'dnf update' (kernel packages are added/removed, not 
"upgraded").  

And that's the cmdline view; if folks use the GUI tools (ie most users) 
only "updated" packages are shown in the details, not stuff that's being 
added or removed.  How exactly is the user supposed to be informed?

 - Solomon
-- 
Solomon Peachy			      pizza at shaftnet dot org (email&xmpp)
                                      @pizza:shaftnet dot org   (matrix)
High Springs, FL                      speachy (freenode)

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux