This update has been submitted for testing by rharwood.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
The EPEL updates policy states that updates with major changes to user experience are to be avoided. This update does not appear to follow that policy. Please avoid such disruptive updates for EPEL packages in the future. If it is unavoidable, please follow the incompatible upgrades policy.
As kindly as I can: absolutely not.
I fixed a security issue with an assigned CVE. I am not going to seek anyone's approval to fix publicly disclosed security issues. (The only thing you can possibly do is demand I leave it vulnerable, so again: absolutely not.)
As with all packages in Fedora, you are welcome to submit patches that change things to be more to your liking - but I'm obviously not going to accept those that reintroduce security bugs, so have fun fighting el7's C++ compiler...
If you read the EPEL incompatible upgrades policy, you'll see that security updates are explicitly mentioned as good justification for performing an incompatible upgrade. But security justification doesn't absolve the maintainer from following the process. There are important notification steps that are involved. Alternatively, it may make more sense to retire a package from EPEL outright, which has its own process with notification steps.
This is the policy that all EPEL packagers are required to follow. If you disagree with the policy, you are welcome to submit changes to the policy to be more to your liking, which will be reviewed by the EPEL Steering Committee.
Please see the following pull requests:
Merging these and building them for EPEL 7 will resolve this situation.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a99c56df6a