[Mageia-dev] Removal of sun java

Wolfgang Bornath molch.b at googlemail.com
Fri Mar 30 10:35:50 CEST 2012


2012/3/30 Thierry Vignaud <thierry.vignaud at gmail.com>:
> On 29 March 2012 22:59, Pascal Terjan <pterjan at gmail.com> wrote:
>>> perhaps we can obsolete it with one of those nonfree getters? (if security
>>> bug)
>>>
>>> or, maybe a package that gives a README.urpmi ...
>>>
>>> IMHO: i think obsoleting it is fine, but with a README.urpmi that says
>>> notifies
>>> that it's been obsoleted.
>>
>>
>> Yes that seems the best solution to me
>
> We can do like RH & Ubuntu, provide an empty package that explains Sun doesn't
> enable us anymore to distribute it and that they've to install (& update) it
> manually from sun.com

That's what others and I suggested in the bug report.

We are not sysadmins of users' systems. But that's only the academic
point of view. Reality is that the main target of Mageia is the
average user who will likely not read technical papers or security
alerts and will probably not know about the security issue at all. Even
if he reads something about it in a newspaper he will usually trust
Mageia's repos, more so since we keep telling the users that we do QA
for all software in the "official" repos.

Telling that all over the place implies a responsibility which we
cannot simply put away with by telling that we are not sysadmins of the
users' systems. Supplying a software in our repos does not allow us in
cases like this one to simply point at the user and tell him that it
is his own fault if he installs the software. We can do that if he
installs software from a 3rd party source but not from our own repos.

So, just removing the package and leaving the users who already
installed it out in the rain is wrong and could even mean bad
reputation. That's why I strongly suggest to think beyond the rim of a
developer's bowl.

-- 
wobo