Shorewall removed from Fedora Extras

Jeff Spaleta jspaleta at gmail.com
Tue Sep 27 17:27:41 UTC 2005 

On 9/27/05, Greg DeKoenigsberg <gdk at redhat.com> wrote:
> "Some of these packages are ancient and insecure.  If no one is bothering
> to maintain them AND they're huge security risks, we need to orphan them
> and pull the RPMs from the repo."

How do we go about informing users that have these packages
installed... that these packages are now expired from the repo? And
no... i don't think annoucing it solely in this mailinglist is due
diligence with regard to informing users who have been pulling
packages from extras with client tools. We have a variety of channels
to communicate updates or new packages but we haven't really thought
about how to make sure users are aware of situations where we have
actually removed/expired packages. At the very least communicating
removed/expired packages via the repoview rss feed seems appropriate
to bring the level of notification on par with rawhide removals.
Though I think Extras users deserve a better notification of removal
mechanism than rawhide users so this step would be just a start.

As for client tools the only thing people can really do right now.. is
to run "yum list extras" perodically as a matter of system
hygiene...review the list and take whatever local action they deem
most appopriate on a per package basis. This will tell a user
installed package nvr that can not be found in any enabled repo. Not
exactly the same as pro-active notification, but this is something
that can be added to   http://fedora.redhat.com/docs/yum/ as a best
practice to help educate users about removal situations.

Ideally we really need a way to have client tools tell users about
removals as part of tool interaction. "Hey there, Mr. fedora home
user/admin.. please be aware that the following packages that you have
installed have been expired from Fedora Extras. Fedora Extras will no
longer be providing versions of this package. Please consider removing
these applications from your system or finding a different repository
to use for update to avoid future security problems with these
packages"

-jef

More information about the fedora-extras-list mailing list