From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-August/018309.html | 103 +++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-August/018309.html (limited to 'zarb-ml/mageia-dev/2012-August/018309.html') diff --git a/zarb-ml/mageia-dev/2012-August/018309.html b/zarb-ml/mageia-dev/2012-August/018309.html new file mode 100644 index 000000000..b6d42c8e3 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-August/018309.html @@ -0,0 +1,103 @@ + + + + [Mageia-dev] Package removal proposal + + + + + + + + + +

[Mageia-dev] Package removal proposal

+ Sander Lepik + sander.lepik at eesti.ee +
+ Sun Aug 26 16:33:22 CEST 2012 +

+
+ +
+Sander
+
+26.08.2012 17:15, Colin Guthrie kirjutas:
+> 'Twas brillig, and Johnny A. Solbu at 25/08/12 02:42 did gyre and gimble:
+>> On Saturday 25 August 2012 02:33, Olivier Thauvin wrote:
+>>> For me obsolete should be reserved for replacements or rename, nothing
+>>> more.
+>> I agree on this.
+> So in two years time, we add a new package with the same filename as one
+> of these old package, we may get some very strange edge cases on package
+> upgrades/installer because keeping these old, no longer shipped packages
+> installed is still "supported" (of course this could happen even if the
+> old package were obsoleted properly, due to package install order on
+> upgrades)
+>
+> What about when there are security issues in the old package? Do we just
+> drop it and then wash our hands of the whole affair and don't give a
+> crap when a user's system is completely compromised?
+>
+> In my opinion we should run a tight ship. If users want to use something
+> we no longer ship, then they still have several choices:
+>  1. Don't install task-obsolete and add it to their skip.list.
+>  2. Do a local compile+install into /usr/local of the software in question
+>  3. Package it and become a contributor (assuming the reason for
+> dropping the package was due to a lack of maintainer rather than a
+> specific desire/reason (i.e. legal))
+>
+> For all of these options the user is both informed and can make a very
+> clear, concious choice about how they want to proceed and know the
+> consequences of doing so.
+>
+>
+> Obsoletes in packages which genuinely replace the old one seem
+> reasonable and uncontroversial.
+>
+> Col
+>
+What about new feature. Some txt file (containing obsoleted package per line and probably
+can be signed somehow) in the mirrors that can be updated by sysadmins. During update urpmi
+will check this file and will compare with local file where user has marked what (s)he wants
+to do with those packages (<obsoleted package> <status: keep/remove> per line). If urpmi
+finds package that hasn't been listed in local file it will ask the user what to do with it
++ will show warning that all possible security problems are not our problem anymore.
+
+ + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1