1862511 – Obsolete libcroco

Bug 1862511 - Obsolete libcroco

Summary: Obsolete libcroco

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	fedora-obsolete-packages
Sub Component:
Version:	33
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Miro Hrončok
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-31 15:21 UTC by Michael Catanzaro
Modified:	2020-08-11 20:52 UTC (History)
CC List:	2 users (show)
Fixed In Version:	fedora-obsolete-packages-33-21
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-08-11 20:49:16 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Michael Catanzaro 2020-07-31 15:21:56 UTC

I've retired libcroco. We should obsolete it. I think that would look like this:

%obsolete libcroco 0.6.13-4

Comment 1 Michael Catanzaro 2020-07-31 15:55:29 UTC

It's still needed by cinnamon, I'll need to unretire it.

Comment 2 Michael Catanzaro 2020-07-31 21:44:26 UTC

It stays retired after all: https://pagure.io/releng/issue/9641. Reopening.

Comment 3 Miro Hrončok 2020-08-10 22:48:10 UTC

> We should obsolete it.

What is the broken dependency if it doesn't get obsoleted?

Comment 4 Michael Catanzaro 2020-08-11 02:21:23 UTC

Nothing depends on it, but I don't want it to stick around on users' systems because it's not in good security shape.

Comment 5 Miro Hrončok 2020-08-11 10:26:30 UTC

I'm afraid this is not the reason we put obsoletes into this package. May you please open a discussion on https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/ on whether this should be obsoleted or not?

Comment 6 Michael Catanzaro 2020-08-11 15:12:37 UTC

From https://docs.fedoraproject.org/en-US/packaging-guidelines/#renaming-or-replacing-existing-packages:

"""
If retired packages need to be removed from end user machines because they cause dependency issues which interfere with upgrades or are otherwise harmful, a packager MAY request that Obsoletes: be added to fedora-obsolete-packages. Simply file a bugzilla ticket here. Please include information on which packages need to be obsoleted, the exact versions which need to be obsoleted, and the reasons why they cannot be allowed to remain installed.
"""

This package is clearly harmful: it's an unmaintained CSS parser written in C which got a lot of attention recently for a security issue that's likely just the tip of the iceberg. It has no business remaining on users' systems, so I don't see why it requires discussion on packaging list?

Comment 7 Miro Hrončok 2020-08-11 15:23:14 UTC

It probably doesn't I just wasn't sure if this qualifies.

Comment 8 Ben Cotton 2020-08-11 15:29:08 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.

Note You need to log in before you can comment on or make changes to this bug.