From: Mart Raudsepp <leio@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Packages up for grabs due to retirement
Date: Fri, 06 Jan 2017 10:04:35 +0200 [thread overview]
Message-ID: <1483689875.7573.6.camel@gentoo.org> (raw)
In-Reply-To: <7a2010ad-185c-514a-c11f-7000b09e4ff5@gentoo.org>
Ühel kenal päeval, N, 05.01.2017 kell 22:00, kirjutas Daniel Campbell:
> I'm in favor of keeping software around until it breaks. When there's
> a
> non-existent upstream and nobody's willing to take up the helm
> themselves, it's a clear indication that it's in danger of being
> treecleaned. In some cases that's good; some packages get left behind
> and never updated, CVEs get released,
CVEs don't get released about dead packages that no-one cares about or
has installed as no-one is checking them for bugs and evaluating if
they are security bugs. They just sit there, potentially providing a
nice potential security hole to abuse.
> nobody cares about the package and
> it sits masked for a while. Those are the packages we should consider
> for treecleaning, not just "oh it's been 2 years since a release" or
> "upstream website troubles".
>
> On the latter count, does anyone attempt to reach upstream before
> suggesting we get rid of the package(s)? Is there not some forum we
> can
> use to reach users who may be interested in proxy-maintaining it?
> This
> discussion makes me wonder if we need (more) formal guidelines for
> treecleaning. I think we've got a few people who are eager to clean
> the
> tree -- and their goal is admirable -- but until we can get metrics
> on
> who's using what, it's hard to say how much damage removing a package
> will do for users. A thread on gentoo-user re: lastrites might not be
> a
> bad idea.
The package.masked message that is shown to a user having it installed
is supposed to be providing that forum to potential proxy-maintainers
and such, to step up and fix things within that period and save it from
permanent deletion.
That's the reason we just don't outright delete them immediately, but
do this "last rited, deletion in 30 days" dance. Even though the
message doesn't repeatedly say this for all the p.mask descriptions
(but maybe the package manager stock extra text does, or should).
And ultimately things can be added back, when sensible, e.g a new
upstream appears that fixes issues, or whatever. Perhaps this user
interested in it enough to care deeply about it being remove from
Gentoo is interested enough to become that upstream or chase down
someone who is willing to, or provide motivation to the old upstream,
or...
next prev parent reply other threads:[~2017-01-06 8:04 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-31 21:54 [gentoo-dev] Packages up for grabs due to retirement Thomas Kahle
2016-12-31 23:00 ` James Le Cuirot
2017-01-01 9:42 ` Thomas Kahle
2017-01-01 9:54 ` James Le Cuirot
2017-01-01 9:48 ` [gentoo-dev] " David Seifert
2017-01-01 10:08 ` Thomas Kahle
2017-01-01 17:16 ` [gentoo-dev] " Lars Wendler
2017-01-02 19:53 ` Brian Evans
2017-01-03 9:00 ` grozin
2017-01-03 11:05 ` Michał Górny
2017-01-03 14:14 ` Why lastrite when it works? (Was: Re: [gentoo-dev] Packages up for grabs due to retirement) Michael Mol
2017-01-03 14:24 ` Damien LEVAC
2017-01-03 14:57 ` Michael Mol
2017-01-03 15:10 ` Kristian Fiskerstrand
2017-01-03 17:10 ` Matthew Thode
2017-01-03 15:11 ` Damien LEVAC
2017-01-03 17:07 ` Matthew Thode
2017-01-03 15:12 ` M. J. Everitt
2017-01-03 15:23 ` Rich Freeman
2017-01-03 15:41 ` Alice Ferrazzi
2017-01-03 16:59 ` james
2017-01-03 16:09 ` Michael Mol
2017-01-03 16:29 ` Rich Freeman
2017-01-06 4:27 ` Kent Fredric
2017-01-06 14:13 ` Michael Mol
2017-01-06 20:51 ` William L. Thomson Jr.
2017-01-06 15:01 ` Rich Freeman
2017-01-07 2:51 ` M. J. Everitt
2017-01-06 17:14 ` Alec Warner
2017-01-06 17:26 ` Rich Freeman
2017-01-06 20:46 ` William L. Thomson Jr.
2017-01-17 12:45 ` Daniel Campbell
2017-01-18 7:48 ` Sam Jorna
2017-01-07 2:58 ` M. J. Everitt
2017-01-07 2:47 ` M. J. Everitt
2017-01-04 10:34 ` Thomas Kahle
2017-01-03 14:31 ` [gentoo-dev] Packages up for grabs due to retirement M. J. Everitt
2017-01-03 14:34 ` Damien LEVAC
2017-01-04 3:11 ` Mart Raudsepp
2017-01-06 4:33 ` Kent Fredric
2017-01-06 6:00 ` Daniel Campbell
2017-01-06 8:04 ` Mart Raudsepp [this message]
2017-01-03 11:14 ` Lars Wendler
-- strict thread matches above, loose matches on Subject: below --
2018-03-03 7:38 Johann Schmitz (ercpe)
2018-03-03 8:40 ` Geaaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1483689875.7573.6.camel@gentoo.org \
--to=leio@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox