From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1PySTq-0003yB-He for garchives@archives.gentoo.org; Sat, 12 Mar 2011 17:19:54 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id EBB651C051; Sat, 12 Mar 2011 17:19:45 +0000 (UTC) Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com [74.125.82.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 846001C00D for ; Sat, 12 Mar 2011 17:19:21 +0000 (UTC) Received: by wyf23 with SMTP id 23so4793223wyf.40 for ; Sat, 12 Mar 2011 09:19:20 -0800 (PST) Received: by 10.216.171.68 with SMTP id q46mr663722wel.98.1299950360554; Sat, 12 Mar 2011 09:19:20 -0800 (PST) Received: from [172.28.64.145] (host249-252-static.95-94-b.business.telecomitalia.it [94.95.252.249]) by mx.google.com with ESMTPS id o19sm2838525wee.26.2011.03.12.09.19.18 (version=SSLv3 cipher=OTHER); Sat, 12 Mar 2011 09:19:19 -0800 (PST) Sender: =?UTF-8?Q?Diego_Elio_Petten=C3=B2?= Subject: [gentoo-dev] Re: Re: Quantity of open bugs From: Diego Elio =?ISO-8859-1?Q?Petten=F2?= To: gentoo-dev@lists.gentoo.org In-Reply-To: <20110312170944.GA15228@comet> References: <20110307130425.3C1ED1C042@pigeon.gentoo.org> <20110310202510.45627780@athlong2.kevquinn.com> <1299941135.2212.94.camel@raven.home.flameeyes.eu> <20110312170944.GA15228@comet> Content-Type: text/plain; charset="UTF-8" Date: Sat, 12 Mar 2011 18:16:46 +0100 Message-ID: <1299950206.2520.3.camel@raven.home.flameeyes.eu> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 92a77c82e86e47421cf4fe37e522fe16 Il giorno sab, 12/03/2011 alle 11.09 -0600, Donnie Berkholz ha scritto: >=20 >=20 > I'm assuming you're talking only about broken builds here and not=20 > "QA-only" bugs. My opinion is that if a tinderbox QA script is the > only=20 > thing finding a nonfatal bug, and it's never reported or CC'd by a > user,=20 > then it's about as low priority as you can get. Not really. An user would never report that the package is bundling libraries, but that is actually pretty high in priority as it can lead to hidden security issues already resolved in the original library to sneak in the system. At the same time, very few users report ignored variables (CC, CFLAGS, LDFLAGS, ...) but they are just the same a problem. Especially when hardening flags are not used at all. > So this might serve as a pointer to potentially unmaintained > packages,=20 > but clearly more investigation is required before removal.=20 There is always the need to do manual investigation. But in general when you see a package that - ignores LDFLAGS; - shows fortify source warnings; - ignores CC; - misuses autotools; - bundle libraries. you can pretty safely assume neither somebody is looking after it, nor using it. --=20 Diego Elio Petten=C3=B2 =E2=80=94 Flameeyes http://blog.flameeyes.eu/