On Tue, Jun 16, 2020 at 02:21:27PM +0200, Kamil Paral wrote:
> You can't say whether it's working, because it has been retired in Fedora,
> it has no maintainer, no testing, no security updates or bug fixes.
"Retired" means it has no maintainer willing to fix a package build
error, nothing more. It does not imply the package has been tested, or
is receiving any sort of bug fixes or security updates.
(I can provide counterexamples of "maintained" packages in Fedora that
simply *did not work*, for *multiple releases*. But it packaged
cleanly, so it got shipped.)
Only the final user can determine if they need a specific package or
not. Indeed, being installed is a pretty good indication that the user
actually wanted it. Do they still want it? Only they can answer that.
Under no circumstances is it okay to remove a package without being VERY
EXPLICIT that it is being removed due to it blocking an upgrade.
(In the past, and indeed today, this explicit user consent on upgrades
is required, in the form of manually removing the offending package or
passing --allowerasing on the DNF command line)
> Nor will broken systems or systems infected by malware because of security
> flaws. The user has freedom to ignore any of our workflows, but the
> defaults should be well-maintained and safe.
"Safe" also means "don't do things the user doesn't expect."
Auto-removing software is a *significant* change in user-visible
behavior, and it's the non-powerusers that will be the ones impacted the
most.
> I'd like Fedora systems to be transparent and honest. If some packages need
> to be removed, tell me about it, and ideally also tell me why (e.g. no
> longer maintained).
Not "ideally", "must" -- because you never, never, never remove stuff
without expliclt user consent, and the user can't meaningfully consent
if they're not given enough information to make that determination.
This distinction is crucial -- packages being "removed" is not just part
of every 'dnf system-upgrade' I've ever done, but also nearly every
routine 'dnf update' (kernel packages are added/removed, not
"upgraded").
And that's the cmdline view; if folks use the GUI tools (ie most users)
only "updated" packages are shown in the details, not stuff that's being
added or removed. How exactly is the user supposed to be informed?
- Solomon
--
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
High Springs, FL speachy (freenode)
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
