Bug 1862511 - Obsolete libcroco
Summary: Obsolete libcroco
Alias: None
Product: Fedora
Classification: Fedora
Component: fedora-obsolete-packages
Version: 33
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Miro Hrončok
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2020-07-31 15:21 UTC by Michael Catanzaro
Modified: 2020-08-11 20:52 UTC

Fixed In Version: fedora-obsolete-packages-33-21
Doc Text:
Clone Of:
Last Closed: 2020-08-11 20:49:16 UTC
Type: Bug

Description Michael Catanzaro 2020-07-31 15:21:56 UTC
I've retired libcroco. We should obsolete it. I think that would look like this:

%obsolete libcroco 0.6.13-4

Comment 1 Michael Catanzaro 2020-07-31 15:55:29 UTC
It's still needed by cinnamon, I'll need to unretire it.

Comment 2 Michael Catanzaro 2020-07-31 21:44:26 UTC
It stays retired after all: https://pagure.io/releng/issue/9641. Reopening.

Comment 3 Miro Hrončok 2020-08-10 22:48:10 UTC
> We should obsolete it.

What is the broken dependency if it doesn't get obsoleted?

Comment 4 Michael Catanzaro 2020-08-11 02:21:23 UTC
Nothing depends on it, but I don't want it to stick around on users' systems because it's not in good security shape.

Comment 5 Miro Hrončok 2020-08-11 10:26:30 UTC
I'm afraid this is not the reason we put obsoletes into this package. May you please open a discussion on https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/ on whether this should be obsoleted or not?

Comment 6 Michael Catanzaro 2020-08-11 15:12:37 UTC
From https://docs.fedoraproject.org/en-US/packaging-guidelines/#renaming-or-replacing-existing-packages:

If retired packages need to be removed from end user machines because they cause dependency issues which interfere with upgrades or are otherwise harmful, a packager MAY request that Obsoletes: be added to fedora-obsolete-packages. Simply file a bugzilla ticket here. Please include information on which packages need to be obsoleted, the exact versions which need to be obsoleted, and the reasons why they cannot be allowed to remain installed.

This package is clearly harmful: it's an unmaintained CSS parser written in C which got a lot of attention recently for a security issue that's likely just the tip of the iceberg. It has no business remaining on users' systems, so I don't see why it requires discussion on packaging list?

Comment 7 Miro Hrončok 2020-08-11 15:23:14 UTC
It probably doesn't. I just wasn't sure if this qualifies.

Comment 8 Ben Cotton 2020-08-11 15:29:08 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.
