As requested on this ticket, I'm opening this up for discussion.
https://fedorahosted.org/fesco/ticket/1332

There's a proposal to retire packages quite quickly (I think) after
they are orphaned.  At the moment packages are retired once per
release.  A notice is posted on devel list, see for example:

https://lists.fedoraproject.org/pipermail/devel/2013-August/188490.html

The proposal is to change this to 4 weeks after the package is
orphaned, assuming no maintainer picks up the package within that
time.

It's my belief that:

(a) The reason for wanting packages to be retired so quickly has not
been made clear by rel-eng.

(b) The biggest reason for people to use one distro over another is
based on number of packages available to be installed.  By retiring
packages more quickly we inevitably reduce this number thereby making
Fedora less popular.

(c) An orphaned package is not necessarily a risk ("security" has been
mentioned here ...).  Just because it might be a risk on rare
occasions doesn't mean we have to throw out every orphaned package.
Security bugs can sit around in non-orphaned packages too.

(d) 4 weeks is too short.  Some people go on holiday for this long.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Reply via email to