ng0 <n...@we.make.ritual.n0.is> writes:

> Efraim Flashner <efr...@flashner.co.il> writes:
>
>> [ Unknown signature status ]
>> On Mon, Sep 05, 2016 at 10:20:36AM +0200, Ludovic Courtès wrote:
>>> Hi!
>>>
>>> Leo Famulari <l...@famulari.name> writes:
>>>
>>> >
>>> > Do we have any guidelines about "retiring" packages?
>>>
>>> Not yet!
>>>
>>> Of course there’s a fine line here: we cannot systematically retire
>>> packages “just” because they have bugs (all of them do ;-)). So we have
>>> to be cautious. In this case, it can be considered a serious bug in the
>>> package’s core functionality, *and* there’s a fix provided by a fork, so
>>> I see no obstacle in removing it.
>>>
>>> What do people think?
>>>
>>> Thanks,
>>> Ludo’.
>>>
>>
>> I think it makes sense to change the description that this package is
>> slated for eventual removal. Another example is pinentry. We now have 4
>> pinentry packages, and the original pinentry package just points to
>> pinentry-gtk. I think it would make sense in that case to change the
>> description to something like `the pinentry package in guix is
>> deprecated, please remove it and install pinentry-gtk to retain the
>> same functionality' or something along those lines.
>>
>> In this case something about attic having serious unpatched flaws, is
>> unmaintained, and that borg is a fork & continuation of it, would be a
>> good change.
>>
>> That might keep new people from installing it, but how would we get
>> people who have already installed it to uninstall it? Or to see the
>> message?
>
> Gentoo handles this via an internal message system which might or might
> not be connected to one of their email lists. This way they announce
> security upgrades, updates, removal notices, etc. Archlinux handles this
> via an announcement email list as far as I know. Maybe we could
> implement something similar, maybe file based?
>
> I could imagine an mbox/maildir message parser where we could commit
> message files into the (sub)directory and it gets posted to an
> announce-g...@gnu.org list AND is also made available via some way
> associated with the guix package list of current profile or in general
> via some guix args to be read by everyone, mandatory to keep on track
> with guix updates etc.

Immediate solution with even less work: make it part of the website
repository, which displays an RSS feed "package news" or something like
that.

>
>> --
>> Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר
>> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
>> Confidentiality cannot be guaranteed on emails sent or received unencrypted
>
> --
> ng0
> For non-prism friendly talk find me on http://www.psyced.org
>

--
ng0
For non-prism friendly talk find me on http://www.psyced.org