+ ** xref:epel-policy-retirement.adoc[Package Retirement]

+ include::partial$attributes.adoc[]

+ 

+ = Retirement policy

+ :toc:

+ 

+ [[retirement_policy]]

+ 

+ == Background

+ 

+ There are three reasons for retiring a package in EPEL.

+ 

+ * The package is now included in RHEL.

+ * Security reasons.

+ * Maintainer no longer has time and/or desire.

+ 

+ [[process_package_in_rhel]]

+ == Process: Package in RHEL

+ 

+ If a package is in RHEL, you should have received a bug telling you your package

+ is going to be in RHEL.  It should also say which RHEL release it will be in (e.g. RHEL 8.8).

+ 

+ *Do not remove your EPEL package until you have verified that it is in RHEL.*

+ 

+ * If the package version in RHEL is older than the version in EPEL, send an e-mail to https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/[epel-devel], documenting the potential loss of functionality. If the package version in RHEL is the same or newer, sending the e-mail is optional

+ * Once your package is in RHEL, you can https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_procedure[remove it from EPEL].

+ 

+ [[process_security_reasons]]

+ == Process: Security Reasons

+ 

+ If a package has a severe security issue, and the fix cannot be backported, usually

+ this can be fixed xref:epel-policy-incompatible-upgrades.adoc#process_for_incompatible_upgrades[with

+ an incompatible upgrade].  If the EPEL version is fairly old, and a newer version

+ cannot be built, it's possible that the only choice of action is to remove the package.

+ 

+ . Send e-mail to

+ https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/[epel-devel]

+ with details of the proposed retirement. Include items such as the CVE of

+ the security issues affecting the existing version, and/or an upstream

+ bug tracker reference (if applicable). Also reference a bug in

+ xref:index.adoc#communicating_with_the_epel_sig[Bugzilla] against the package.

+ . Discussion takes place on epel-devel for a minimum period of 1 week, unless this

+ is for a critical security update such as remote root.

+ . Item is added to agenda for discussion at https://calendar.fedoraproject.org/epel/#m9854[weekly EPEL Steering Committee meeting].

+ . If a majority of those present at the EPEL Steering Committee meeting concur, the package can be retired.

+ . The maintainer is then responsible for sending an e-mail to epel-announce.  It should

+ announce the retirement and specific actions that users must

+ take in order to continue using the software

+ (e.g. install using `pip` or some other delivery mechanism).

+ . https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_procedure[Retire the package].

+ 

+ [[process_no_time_or_desire]]

+ == Process: No Time or Desire

+ 

+ EPEL is run and maintained by many volunteers.  A person's life, job,

+ and priorities change over time.  It is natural that a time might come that you no

+ longer have the time or desire to maintain a package.

+ 

+ . Check if there are other maintainers of the package. https://src.fedoraproject.org/rpms/nedit[https://src.fedoraproject.org/rpms/<package>]

+ If there are, ask them if they would like to maintain the epel branches.

+ . If none of the other maintainers want to maintain the epel branches, send an e-mail to

+ https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/[epel-devel]. Let us

+ know you cannot maintain the package anymore, and none of the other maintainers can either.  If there

+ is anything special about this package, let us know that as well.

+ . After two weeks, If nobody has volunteered to take over the package for you, feel free to https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_procedure[retire the package].