Re: updates in stable branches introducing new dependencies

[Tomasz Torcz ️]

On Tue, Apr 10, 2018 at 07:36:34AM +0200, Dominik 'Rathann' Mierzejewski wrote:
> 
> I filed a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1564699
> but the maintainer refused to even comment on the merits and closed
> it without any reasonable explanation. I find his response not
> excellent. 

  This bug is very sad :(

  Few representative citations:
  “Sounds like we need to fire more docs writers if they have time to
 write fictional policy documents.”
  “Some Fedora policies are completely detached from what Fedora
 maintainers actually do, yes.”

  Joe Orton (httpd package administrator, according to pkgdb) completely
 disregards Fedora policies and all the work spent on writing them.
 And what to do with maintainers doing things against policies?

-- 
Tomasz TorczTo co nierealne -- tutaj jest normalne.
xmpp: zdzich...@chrome.pl  Ziomale na życie mają tu patenty specjalne.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: updates in stable branches introducing new dependencies

[Dominik 'Rathann' Mierzejewski]

On Wednesday, 11 April 2018 at 10:35, Michal Schorm wrote:
> For fetaures, that are optional, weak dependencies is the best solution I
> can think of.
> Even when "Recommends" is used, which means it will try to pull the
> dependency as well, if not said specifically opted-out.

That's fine. The optional dependency can be uninstalled afterwards or
not installed at all if you have install_weak_deps set to false.

> > 2 considerations:
> > * is the user experience significantly affected?
> > * is the size implications significant?
> > As far as I can tell, the answer to both is generally no.
> 
> For everything else, besides opt features, plugins, ... , I totally agree
> with the nice short answer from Rex.

So, you think the maintainers should be free to add any new dependencies
without any announcement or explanation as long as it doesn't "materially
affect the user or developer experience"?

I actually have nothing against adding new features, even in stable
branches, but I do object to lack of communication about those.

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPMFusion   http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: updates in stable branches introducing new dependencies

[Michal Schorm]

For fetaures, that are optional, weak dependencies is the best solution I
can think of.
Even when "Recommends" is used, which means it will try to pull the
dependency as well, if not said specifically opted-out.

> 2 considerations:
> * is the user experience significantly affected?
> * is the size implications significant?
> As far as I can tell, the answer to both is generally no.

For everything else, besides opt features, plugins, ... , I totally agree
with the nice short answer from Rex.

--

Michal Schorm
Associate Software Engineer
Core Services - Databases Team
Red Hat

On Tue, Apr 10, 2018 at 1:57 PM, Rex Dieter  wrote:

> Dominik 'Rathann' Mierzejewski wrote:
>
> > Arguably, the current stable updates policy is against this
> > https://fedoraproject.org/wiki/Updates_Policy#Stable_Releases :
> > [...] Updates should aim to fix bugs, and not introduce features, [...]
>
> you snipped off what I consider relevant here: "... particularly when those
> features would materially affect the user or developer experience"
>
> > Is this a legitimate issue or am I making storm in a teacup here?
> > Ever-increasing package sizes and dependency bloat do seem to be
> > a popular topic these days.
>
> 2 considerations:
> * is the user experience significantly affected?
> * is the size implications significant?
>
> As far as I can tell, the answer to both is generally no.
>
> -- rex
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: updates in stable branches introducing new dependencies

[Rex Dieter]

Dominik 'Rathann' Mierzejewski wrote:

> Arguably, the current stable updates policy is against this
> https://fedoraproject.org/wiki/Updates_Policy#Stable_Releases :
> [...] Updates should aim to fix bugs, and not introduce features, [...]

you snipped off what I consider relevant here: "... particularly when those 
features would materially affect the user or developer experience"

> Is this a legitimate issue or am I making storm in a teacup here?
> Ever-increasing package sizes and dependency bloat do seem to be
> a popular topic these days.

2 considerations:
* is the user experience significantly affected?
* is the size implications significant?

As far as I can tell, the answer to both is generally no.

-- rex
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

updates in stable branches introducing new dependencies

[Dominik 'Rathann' Mierzejewski]

Hello,
does anyone else beside me think it's not OK to introduce new
dependencies without any explanation in package updates released
to stable Fedora branches?

Arguably, the current stable updates policy is against this
https://fedoraproject.org/wiki/Updates_Policy#Stable_Releases :
[...] Updates should aim to fix bugs, and not introduce features, [...]

This is happening regularly and FESCo mostly ignored the
issue when I raised it (https://pagure.io/fesco/issue/1682).

Sadly, this is still happening, and the reason for this particular
e-mail is the httpd update httpd-2.4.33-2:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6744ca470d
https://bodhi.fedoraproject.org/updates/FEDORA-2018-375e3244b6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-22b25bab31

It was pushed as a security update, but nowhere does it say why
mod_brotli is now enabled and that brotli is a new dependency.

https://www.apache.org/dist/httpd/CHANGES_2.4.33 doesn't say anything
about brotli, either. It was actually added (upstream) in 2.4.26:
https://www.apache.org/dist/httpd/CHANGES_2.4
[...]
Changes with Apache 2.4.26
[...]
  *) mod_brotli: Add a new module for dynamic Brotli (RFC 7932) compression.
 [Evgeny Kotkov]
[...]
but Fedora maintainer waited until 2.4.29 to enable it:
https://src.fedoraproject.org/rpms/httpd/c/95a0c9518b8a5659e7ba07aad0bcc338409e86cf?branch=master
and gave no explanation for doing it.

I filed a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1564699
but the maintainer refused to even comment on the merits and closed
it without any reasonable explanation. I find his response not
excellent. 

Is this a legitimate issue or am I making storm in a teacup here?
Ever-increasing package sizes and dependency bloat do seem to be
a popular topic these days.

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPMFusion   http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org