reducing distribution CD count

Jeff Spaleta jspaleta at
Sun Feb 27 19:15:42 UTC 2005

On Sun, 27 Feb 2005 14:49:32 +0000, Nigel Metheringham 
> I would suggest that removing a package that has significant security
> implications (any MTA or significant functionality network program would
> fall into this category) is not good.  People depending on FC for
> security updates must be made aware that suddenly they must get security
> updates from elsewhere or change to an alternative package.

you touch on a larger issue about how a package vendor can effectively
'expire' any package to make sure users are aware its no longer being
maintained by the original vendor.  Currently such notifications for
Core are made in the release-notes and its up to users installing the
next release of Core to review the release notes.  For extras I know
of no discussion on how to address issues of notification of removals
when they happen in the future.  I think we can all agree that relying
on the userbase to read the release-notes is probably a less effective
method than some tool based approach that users/admins can interact
with when doing normal update tasks.  The closest thing we have right
now in Core are yum and up2date's ability to list orphaned packages
installed on the system that do not exist as part of a repository. But
even this is a reactive step that users/admins must take to police
theire own system. What we need is a way to have vendors 'push' a
notice of expiration in a way that the tools notice and inform the
admin about as a normal course of events.  I know of no on-going
experiments to implement anything like this.


More information about the fedora-devel-list mailing list