Kevin Kofler via devel kirjoitti 25.3.2024 klo 20.34:
Miroslav Suchý wrote:I just upgraded my workstation to F40 and it surprised how many packages were reported by `remove-retired-packages`. There was lots of orphaned packages - there is nothing to do about them. But there was lot of packages that were removed intentionally. See the list at the end of my email. I want to highlight that we have policy for removing policy https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#complete_removal which at the end mention adding the package to https://src.fedoraproject.org/rpms/fedora-obsolete-packages
I do not think the "Completely Removing a Package" section is meant for the cases you mention. The only example given in that section is licensing issues, i.e. a situation where Fedora was actually not even allowed to distribute the package, either because of the license conditions, or because of Fedora's own bylaws.
On the other hand, you do not have to refer to that section if you want to remind packages about fedora-obsolete-packages. Right before there is "Obsoleting Packages", which asks to consider obsoleting for every retirement.
The point of fedora-obsolete-packages is to remove packages that actually BREAK things when they remain installed. Otherwise, the best thing to do is to NOT obsolete those packages. Users might still rely on them. E.g., they might have locally built software that depends on the dropped compatibility libraries. Forcefully obsoleting those will break the locally installed software.
I have wondered at this approach even since I discovered that Fedora actually handles retired packages on distro upgrade like this. In today's always-connected IT environment full of malicious actors and threats, I consider it a basic principle to only have software that is kept up-to-date by *somebody*. For stuff I built and/or installed by myself, I take that responsibility myself, and suffer the consequences when I fail to deliver. But if distribution stops providing upgrades to a package, I would expect it be removed automatically.
So, I would actually much prefer if package retirement automatically added the package to fedora-obsolete-packages. Perhaps there are special cases where that would not be a good idea - if there are some, `fedpkg retire` could have a flag to prevent that from happening.
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
