[Mageia-dev] Removal of sun java

Fri Mar 30 10:35:50 CEST 2012

2012/3/30 Thierry Vignaud <thierry.vignaud at gmail.com>:
+> On 29 March 2012 22:59, Pascal Terjan <pterjan at gmail.com> wrote:
+>>> perhaps we can obsolete it with one of those nonfree getters? (if security
+>>> bug)
+>>>
+>>> or, maybe a package that gives an README.urpmi ...
+>>>
+>>> IMHO: i think obsoleting it is fine, but with a README.urpmi that says
+>>> notifies
+>>> that it's been obsoleted.
+>>
+>>
+>> Yes that seems the best solution to me
+>
+> We can do like RH & Ubuntu, provides an empty package that explain sun doesn't
+> enable us anymore to distribute it and that they've to install (& update) it
+> manually from sun.com
+
+That's what others and I suggested in the bug report.
+
+We are not sysadmins of user's systems. But that's only the academical
+point of view. Reality is that the main target of Mageia is the
+average user who will likely not read technical papers or security
+alert and will probably not know about the security issue at all. Even
+if he reads something about it in a newspaper he will usually trust
+Mageia's repos, more so since we keep telling the users that we do QA
+for all software in the "official" repos.
+
+Telling that all over the place implies a responsibility which we can
+not simply put away with by telling that we are not sysadmins of the
+user's systems. Supplying a software in our repos does not allow us in
+cases like this one to simply point at the user and tell him that it
+is his own fault if he installs the software. We can do that if he
+installs software from a 3rd party source but not from our own repos.
+
+So, just removing the package and leaving the users who already
+installed it out in the rain is wrong and could even mean bad
+reputation. That's why I strongly suggest to think beyond the rim of a
+developer's bowl.
+
+-- 
+wobo
+