| |
@@ -0,0 +1,64 @@
|
| |
+ include::partial$attributes.adoc[]
|
| |
+
|
| |
+ = Retirement policy
|
| |
+ :toc:
|
| |
+
|
| |
+ [[retirement_policy]]
|
| |
+
|
| |
+ == Background
|
| |
+
|
| |
+ There are three reasons for retiring a package in EPEL.
|
| |
+
|
| |
+ * The package is now included in RHEL.
|
| |
+ * Security reasons.
|
| |
+ * Maintainer no longer has time and/or desire.
|
| |
+
|
| |
+ [[process_package_in_rhel]]
|
| |
+ == Process: Package in RHEL
|
| |
+
|
| |
+ If a package is in RHEL, you should have received a bug telling you your package
|
| |
+ is going to be in RHEL. It should also say which RHEL release it will be in (e.g. RHEL 8.8).
|
| |
+
|
| |
+ *Do not remove your EPEL package until you have verified that it is in RHEL.*
|
| |
+
|
| |
+ * If the package version in RHEL is older than the version in EPEL, send an e-mail to https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/[epel-devel], documenting the potential loss of functionality. If the package version in RHEL is the same or newer, sending the e-mail is optional
|
| |
+ * Once your package is in RHEL, you can https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_procedure[remove it from EPEL].
|
| |
+
|
| |
+ [[process_security_reasons]]
|
| |
+ == Process: Security Reasons
|
| |
+
|
| |
+ If a package has a severe security issue, and the fix cannot be backported, usually
|
| |
+ this can be fixed xref:epel-policy-incompatible-upgrades.adoc#process_for_incompatible_upgrades[with
|
| |
+ an incompatible upgrade]. If the EPEL version is fairly old, and a newer version
|
| |
+ cannot be built, it's possible that the only choice of action is to remove the package.
|
| |
+
|
| |
+ . Send e-mail to
|
| |
+ https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/[epel-devel]
|
| |
+ with details of the proposed retirement. Include items such as the CVE of
|
| |
+ the security issues affecting the existing version, and/or an upstream
|
| |
+ bug tracker reference (if applicable). Also reference a bug in
|
| |
+ xref:index.adoc#communicating_with_the_epel_sig[Bugzilla] against the package.
|
| |
+ . Discussion takes place on epel-devel for a minimum period of 1 week, unless this
|
| |
+ is for a critical security update such as remote root.
|
| |
+ . Item is added to agenda for discussion at https://calendar.fedoraproject.org/epel/#m9854[weekly EPEL Steering Committee meeting].
|
| |
+ . If a majority of those present at the EPEL Steering Committee meeting concur, the package can be retired.
|
| |
+ . The maintainer is then responsible for sending an e-mail to epel-announce. It should
|
| |
+ announce the retirement and specific actions that users must
|
| |
+ take in order to continue using the software
|
| |
+ (e.g. install using `pip` or some other delivery mechanism).
|
| |
+ . https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_procedure[Retire the package].
|
| |
+
|
| |
+ [[process_no_time_or_desire]]
|
| |
+ == Process: No Time or Desire
|
| |
+
|
| |
+ EPEL is run and maintained by many volunteers. A person's life, job,
|
| |
+ and priorities change over time. It is natural that a time might come that you no
|
| |
+ longer have the time or desire to maintain a package.
|
| |
+
|
| |
+ . Check if there are other maintainers of the package. https://src.fedoraproject.org/rpms/nedit[https://src.fedoraproject.org/rpms/<package>]
|
| |
+ If there are, ask them if they would like to maintain the epel branches.
|
| |
+ . If none of the other maintainers want to maintain the epel branches, send an e-mail to
|
| |
+ https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/[epel-devel]. Let us
|
| |
+ know you cannot maintain the package anymore, and none of the other maintainers can either. If there
|
| |
+ is anything special about this package, let us know that as well.
|
| |
+ . After two weeks, If nobody has volunteered to take over the package for you, feel free to https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_procedure[retire the package].
|
| |
Adding a new retirement policy.
Feedback is welcome.