I've retired libcroco. We should obsolete it. I think that would look like this:
%obsolete libcroco 0.6.13-4
It's still needed by cinnamon, I'll need to unretire it.
It stays retired after all: https://pagure.io/releng/issue/9641. Reopening.
> We should obsolete it.
What is the broken dependency if it doesn't get obsoleted?
Nothing depends on it, but I don't want it to stick around on users' systems because it's not in good security shape.
I'm afraid this is not the reason we put obsoletes into this package. May you please open a discussion on https://email@example.com/ on whether this should be obsoleted or not?
If retired packages need to be removed from end user machines because they cause dependency issues which interfere with upgrades or are otherwise harmful, a packager MAY request that Obsoletes: be added to fedora-obsolete-packages. Simply file a bugzilla ticket here. Please include information on which packages need to be obsoleted, the exact versions which need to be obsoleted, and the reasons why they cannot be allowed to remain installed.
This package is clearly harmful: it's an unmaintained CSS parser written in C which got a lot of attention recently for a security issue that's likely just the tip of the iceberg. It has no business remaining on users' systems, so I don't see why it requires discussion on packaging list?
It probably doesn't I just wasn't sure if this qualifies.
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.