Hi EPEL folks,

In the past couple EPEL SCo meetings, we have been discussing adding a
new package retirement policy for EPEL packages.

However, we have not found a satisfactory solution to the scenario where
a packager no longer wishes to maintain their package in EPEL, but the
package does not have unpatched CVEs, a dead upstream, or other reasons
to warrant completely retiring it. In Fedora itself, there is a specific
policy/procedure[1] for orphaning packages:

> When Fedora maintainers do not want or are not able to maintain a
> package any longer, they can orphan or retire the package.

> In case the package is still useful for Fedora, it should be orphaned.
> Then other maintainers that are interested in maintaining it, can take
> ownership of this package.
<snip>
> Orphan packages will be retired if they remain orphaned for six weeks.
<snip>

I omitted the parts that are specific to the Fedora release cycle.
Currently, EPEL packages can be retired from any EPEL branch at any
time. However, it is currently impossible to independently orphan EPEL
branches for the following reasons:

1. EPEL branches can't be orphaned separately. It's only possible to
orphan the entire repository, which is not wanted in all cases.

2. Technically, it's possible to set the Bugzilla assignee for EPEL to
"orphan" but that doesn't really accomplish anything. Currently with
this approach:

    There is no way for packagers to pick up orphaned EPEL branches in a
    self-service fashion. There are no notifications when these packages
    are orphaned, so it's unlikely that anyone will pick them up. We'd
    also need to figure out how to handle retiring packages from EPEL
    that remain orphaned there for six weeks. This solution still
    doesn't solve the situation where e.g. a maintainer no longer wishes
    to maintain their package in epel7 but wants to maintain it in
    epel9.

What do y'all think about this issue? How do you think we should address
it? Keep in mind that orphaning a package basically amounts to delayed
retirement, unless someone picks it up.

Here are my thoughts:

If an entire Fedora package that has (an) EPEL branch(es) is orphaned,
the EPEL branch(es) should probably be orphaned at the same time as the
rawhide branch. Otherwise, we'd have to treat only orphaning an EPEL
branch as a special case:

We could create an issue tracker for this. Packagers would have to
submit a ticket requesting to orphan a certain package's EPEL branch(es)
and set the EPEL Bugzilla assignee to "orphan" if they're orphaning all
active EPEL branches. epel-devel@ could be CC'd on all issues. Then, we
could have a provenpackager in the SIG go through and manually retire
the packages that haven't been picked up after six weeks. The latter will
be difficult if we have a large volume, but I don't expect that. We
could script this if necessary or just ask the submitter to do it
themself.

This doesn't allow picking up packages in a self-service manner, but I
don't think that's a huge deal for our case.


[1]: https://docs.fedoraproject.org/en-US/fesco/Policy_for_orphan_and_retired_packages/#_orphaning_and_retiring_packages

-- 
Thanks,

Maxwell G (@gotmax23)
Pronouns: He/Him/His
