On Tue, Aug 23, 2022 at 03:42:30PM -0400, Ben Cotton wrote: > https://fedoraproject.org/wiki/PcreDeprecation > > This document represents a proposed Change. As part of the Changes > process, proposals are publicly announced in order to receive > community feedback. This proposal will only be implemented if approved > by the Fedora Engineering Steering Committee. > > > == Summary == > Upstream stopped the support for the old 'pcre' package. It only > supports the new 'pcre2' version, so Fedora should deprecate it so it > could later be retired and removed from Fedora entirely. > > == Owner == > * Name: [[User:ljavorsk| Lukas Javorsky]] > * Email: ljavo...@redhat.com > > > == Detailed Description == > Upstream stopped supporting the old 'pcre' package. The 8.45 is marked > as a final release and nothing else will be added/fixed in it. This > may lead to some unresolved CVEs, which would have to be resolved by > the maintainers. Unfortunately, due to our limited capacity, we > wouldn't have the time and experience to solve this by ourselves, so > we need to deprecate this package. After the deprecation is done, the > very next step would be starting the [[PcreRetirement|retirement > change]], so the package is removed from Fedora entirely. > > The new 'pcre2' package is out for more than 7 years now and most of > the packages have already been ported to its redefined API. > [https://lists.exim.org/lurker/message/20150105.162835.0666407a.en.html > Mail] about the changes in the pcre2.
snip > == Benefit to Fedora == > Fedora shouldn't support unsupported packages. That's an overly broad statement that does not reflect any Fedora rule / guideline on package inclusion. Only version large projects have stable maint streams of their releases, most upstreams only "support" the most recent release they've made. IOW if the distro isn't shipping the most recent release then it is effectively shipping unsupported packages. For Fedora at least if a maintainer frequently rebases to new releases, they only end up supporting an unsupported package for upto about 1 year (two stable releases). RHEL is much worse, as by the time a RHEL release goes EOL, you can consider the vast majority of software to be "unsupported" from the POV of the upstream projects. IOW, it is reasonable to say that one of the core jobs of a distro [maintainer] is often to provide support for a package that upstream no longer supports. The issue is really about how long the distro maintainer is willing to prolong that effort on a case by case basis. Not wishing to support multiple versions of a package in parallel is a reasonable desire for a single maintainer, to reduce their workload. It is not inherantly wrong for Fedora more generally though to want to ship and support something that upstream has stopped supporting. There just needs to be some use case for it to exist, and a maintainer willing todo the work. > versions fork from Fedora, it could lead to less secure RHEL as well. > By deprecating this package, we will send the message to the > maintainers that their packages should port to new pcre2 package and > any new package would have to use only new and supported pcre2 > version. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
