From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0950C138010 for ; Mon, 25 Mar 2013 07:06:34 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C6ACBE08B2; Mon, 25 Mar 2013 07:06:25 +0000 (UTC) Received: from www-51-3.vfemail.net (mail.vfemail.net [108.76.175.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4F383E088D for ; Mon, 25 Mar 2013 07:05:50 +0000 (UTC) Received: (qmail 37178 invoked by uid 89); 25 Mar 2013 07:05:07 -0000 Received: by simscan 1.4.0 ppid: 37161, pid: 37174, t: 0.6036s scanners: clamav: 0.95.2/m:51/d:9604 Received: from unknown (HELO amit.localdomain) (aHNAdmZlbWFpbC5uZXQ=@MTc4LjQwLjIzNy4xMDA=) by 172.16.100.53 with ESMTPA; 25 Mar 2013 07:05:07 -0000 Received: by amit.localdomain (Postfix, from userid 11000) id B675C8B7880; Mon, 25 Mar 2013 08:05:00 +0100 (CET) Date: Mon, 25 Mar 2013 08:05:00 +0100 From: =?ISO-8859-2?B?UvNiZXJ0IMhlcvJhbnNr/Q==?= To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Last rites: app-text/cuneiform In-Reply-To: References: <514CE32C.7090509@gentoo.org> <20130324132456.13752.qmail@stuge.se> <20130324135232.15911.qmail@stuge.se> <514F13BD.7050403@gentoo.org> <20130324151916.23155.qmail@stuge.se> <514F52FE.7080004@gentoo.org> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.12; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Message-Id: <20130325070500.B675C8B7880@amit.localdomain> X-Archives-Salt: bfb9d683-0b96-4879-bdc5-3fd226a19d43 X-Archives-Hash: 73d6e14491630b9428186538b5cbdaea On Sun, 24 Mar 2013 19:40:07 -0400 Rich Freeman wrote: > On Sun, Mar 24, 2013 at 3:24 PM, Ian Stakenvicius > wrote: > > The number of open bugs doesn't really matter, it's what those bugs > > are that matters -- security bugs, sure, are of a higher priority > > and can be fairly easily detected in bugzilla. >=20 > Well, our current treecleaner policy seems to be that if a package > isn't maintained and has any bugs open at all it is fair game. The > caveat to that is that trivial bugs are grounds for fixing instead of > removals (bad DEPEND atoms, simple-to-fix, etc). Google the full > policy for details. >=20 > I think that a better policy would be rather than having any open > non-trivial bugs we list the sorts of bugs that should be grounds for > removal, such as: >=20 > 1. Package does not build in the majority of cases on all archs. > (Unkeywording is the solution for individual archs that are broken, if > not easily fixable. Not building some of the time isn't grounds for > removal.) >=20 > 2. Package has an open security bug. (Cuneiform is a borderline case > of this - no exploit/CVE but I wouldn't use it on a server being fed > images submitted by strangers.) >=20 > 3. Package is blocking another package. Maintained packages always > take priority over unmaintained ones. >=20 > Perhaps there are other cases which should be included, but I think > this covers most of them. If a package isn't blocking anything else, > doesn't have security problems, and works most of the time, then I > think it should generally be kept. This souds very promising. Could we leave out point 2 though? Gentoo puts lot of decision power to users. Can it be so also in this case? Users will have to be informed that the package has security issues of course, for example, by mentioning it in the mask note. Robert --=20 R=F3bert =C8er=F2ansk=FD E-mail: openhs@tightmail.com Jabber: hs@jabber.sk