On Tue, Dec 24, 2024 at 08:29:26AM -0800, Adam Williamson wrote: > On Tue, 2024-12-24 at 09:15 -0500, Ben Beasley wrote: > > I agree with the plan, but I wanted to note that deprecating a package > > that other packages depend on requires a FESCo-approved Change[1]. > > > > (It is weird that the deprecation policy is so much more bureaucratic > > than the retirement policy. By comparison, I don’t know of any policy > > that would forbid summarily retiring a package that others depend on. > > It’s a bad practice, and one might be asked to allow someone else to > > unretire and maintain the package if the consequences are bad enough, > > but I’ve never seen a blanket policy against it.) > > I'd suggest we amend the retirement process to specify that if the > package-to-be-retired has any dependencies, it must go through the > deprecation process first. I suspect the retirement process as written > is kinda written with the assumption that the package being retired is > already 'useless' (it does say "In case the package is no longer useful > for Fedora, e.g. because it was renamed, or upstream does not exist > anymore, then it should be retired"). > > The 'deprecation' process I think resulted from a couple of cases of > very significant things like network-scripts getting deprecated. > Perhaps we need some kinda middle ground, but it's a bit hard to > express "if it's really important, Change; if it just has a few deps in > one specific area, send out emails" or something like that. Agreed. If it's a handful of packages that can all be fixed in a side tag, I think it's fine to retire a package without a change process. There's probably also other cases where there are bad enough CVEs that we want to stop using a package even in stable releases - even though we can't retire it there (so a Change process is not timely enough) but I suspect we'd want to get FESCo approval for that too. Best, -- _o) Michel Lind _( ) identities: https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2 README: https://fedoraproject.org/wiki/User:Salimma#README -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
