On Mon, Jan 13, 2025 at 11:53 AM Clemens Lang <cll...@redhat.com> wrote: > > Hi David, > > > On 13. Jan 2025, at 11:38, David Sommerseth via devel > > <devel@lists.fedoraproject.org> wrote: > > > > > > Has something changed in the Fedora EPEL packaging policy in regards to > > package stability? > > Just for the record: I’m explicitly not answering this question. I’m also not > the maintainer for sequoia-sq.
I am, so let me answer the question. > > Since the updates which has arrived since early December 2024, the updates > > to sequoia-sq has twice broken my automated scripts. > > sequoia-sq did not yet have an upstream 1.0 release and did simply not yet > have a stable command line interface. With the release of 1.0, upstream will > now support a stable command line interface. This isn't new since December 2024, the sq CLI was *never* stable, and basically every 0.x -> 0.(x+1) release broke some part of the command-line API. The upstream project made it quite explicit that the CLI would only be stable going forward after the 1.0.0 release. > > The first update which broke my scripts changed --recipient-file to > > --for-file. And on Friday another update arrived which added now a > > required --without-signature or a --signer-* argument. > > > > Rest assure, I understand the importance of upgrading packages, add > > improvements and even the signing aspect in PGP. But my understanding has > > been that the EPEL packages should be more stable than this. > > I don’t think EPEL can reasonably add stability guarantees that upstream does > not provide except by pinning a package at an old version, but that would > mean that EPEL would essentially package unsupported software. Yes, this. I can't as a package maintainer provide more stability guarantees than what upstream considers stable. And providing stability for something that's explicitly unstable and subject to change would just mean that I can't push updates *at all*, which isn't what you want for a crypto-related program, I think. With hindsight, it might have been "better" to not provide sq packages for EPEL 9 *at all* until the 1.0.0 release was out. But there was user demand for it, so I built it for EPEL 9, under the assumption that users would know that the sq CLI is not stable yet. Fabio -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
