Web lists-archives.com

Re: Removing packages perhaps too aggressively?




On Wed, 31 Jan 2018 at 22:25:31 +0100, Andreas Ronnquist wrote:
> On Wed, 31 Jan 2018 20:14:31 +0100,
> Andrej Shadura<andrew@xxxxxxxxxx> wrote:
> >Should I've known someone's going to remove it, I would have adopted
> >it earlier.

If I understand the rules correctly, if a package is present in any
suite in the main Debian archive as hosted on ftp-master (so oldstable or
newer), removals are not particularly permanent: anything still present
in the database, in any suite, doesn't count as NEW. So removal of a
package from unstable doesn't need to be a barrier to adopting it.

You should be aware of what you're getting into, though... packages
aren't routinely or automatically removed just for being orphaned,
so if this one was removed, it's because someone noticed it. That's
reasonably well-correlated with having had release-critical bugs,
having caused trouble for a transition, or otherwise impeding someone
else's work.

You've probably heard the motto "if it isn't tested, it doesn't work"?
If a package doesn't have anything depending on it, isn't widely
installed, and doesn't have a maintainer who is looking after it (and
presumably using it at least occasionally), then it's likely that it
isn't being tested, which in turn means there's a significant probability
that someone who later decides they want to use it will discover that
it doesn't actually work any more (or that it works but has security
vulnerabilities). That seems like a disservice to our users.

Debian is meant to be a high-quality operating system, not a collection
of packages that we keep around in case they come in useful one day.
If a removed package later turns out to be useful or desirable, we have
plenty of opportunities for an interested maintainer to bring it back,
and a couple of ways (archive.debian.org, snapshot.debian.org) for a
user to install it locally.

Every package in the archive consumes resources. Mirror space and network
bandwidth are no big deal, we have plenty of those. Volunteer time and
attention are much more scarce, and we should value them accordingly.
Our users' attention is also a limited resource: when I'm looking for a
package that I can install to solve a particular problem, if there are
(say) two or three good implementations, I'd rather not spend time
looking through a dozen bad implementations to find them.

> >Today, hyde. [...] Missed jessie, stretch, not in testing

If this package was (as mentioned in the removal request) already in
unstable at the time of the jessie freeze (November 2014), then was
removed in mid 2017, then it had been potentially migrating to testing
for, conservatively, at least 2½ years. That's *plenty* of opportunities
to fix whatever release-critical bugs affected it and get it into testing.

> Isn't this rather publicly announced by the how-can-i-help program? I
> am running apt [...] I don't know if this isn't the case if you are
> using apt-get or aptitude though.

Anything that reads apt's DPkg::Post-Invoke configuration, including
apt-get and aptitude, will trigger how-can-i-help. (I mostly use
aptitude myself, and how-can-i-help definitely shows up there.)

    smcv