From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 707EA139085 for ; Tue, 3 Jan 2017 15:00:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 03EBFE0CAB; Tue, 3 Jan 2017 14:59:59 +0000 (UTC) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A5D8BE0C31 for ; Tue, 3 Jan 2017 14:59:58 +0000 (UTC) Received: by mail-io0-x243.google.com with SMTP id f73so56976654ioe.2 for ; Tue, 03 Jan 2017 06:59:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:user-agent:in-reply-to:references :mime-version; bh=7nRCN7mpQ4VzY/XCbgL9xHGywkmqcfTQP3JPlVVzP80=; b=eIKg52x3Rm5FbUhyF6mKQRaZ4xQuQ7oyXVfkuoKjJU/gZGc0D1gYdav9cmsaawwsKV BOd7QetAwk9p/ooArlCyXpJdSGhuFfkbeFFA7QibX256P5YtXY/m7x+VRWV6KOyD2nE6 Fc5BDzBk4RUu+ip6dkF3h4fKiddd4xE1upTPVch7esCuoe0MHGjwI1NeICXOiuM1htpH DdkGVUBrQNYpOELykK8P18EOTxt2KS10AB0dmVdfyBhx5mKzb3tSBiqQP4cwqctggAPs Kyb5h9e8xagT0Qah5j5uQm8mPkz0FhQWQxZ0Bv4IjJ8GAvyZ+hLYa+Kj9Z9Qpfrub37g WAFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:user-agent :in-reply-to:references:mime-version; bh=7nRCN7mpQ4VzY/XCbgL9xHGywkmqcfTQP3JPlVVzP80=; b=g0M2pS13FI8wMGL4W6id2wXJYknhrdITh/IW30+iXBY0cAsvy35OnPnFqTTNlpVSIS Ld+VW7JMOt2NRU6Oen8gS1d/tucyGg6JmJM2/ZYe5HzYmo9gSR+c+8O02UwkrEHbmsvQ PFaQTgzyWmksLgKpd9asHom3fV45VBoNsBvknpu8etx8l6r6KdIbULFnJAKRXjP1ZQyr u9NWGUJrarc5S5HQwsyw5SXIjD8ALGkVz9BjRkH4Hm+QaVGAmLpFd7zeIyoJ8yyJL7VR roQCm59P9h59QNF3QTR/cUdDhNJwLrP3XHH3K2B/ny9w7SZCmA7K0rC+CXTyWxO+5PmL Y/lQ== X-Gm-Message-State: AIkVDXJ5++Sdgc3vC0zszMp16vxgVskatN0rX3G0GGIIf+Gtu4NedDDYgN1KKFLYCBUcPg== X-Received: by 10.107.173.32 with SMTP id w32mr57755365ioe.136.1483455597585; Tue, 03 Jan 2017 06:59:57 -0800 (PST) Received: from mal.localnet (c-76-122-173-248.hsd1.mi.comcast.net. [76.122.173.248]) by smtp.gmail.com with ESMTPSA id 7sm8669960iox.39.2017.01.03.06.59.56 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Jan 2017 06:59:56 -0800 (PST) From: Michael Mol To: gentoo-dev@lists.gentoo.org Subject: Re: Why lastrite when it works? (Was: Re: [gentoo-dev] Packages up for grabs due to retirement) Date: Tue, 03 Jan 2017 09:57:57 -0500 Message-ID: <7959202.qokhvJWHAx@mal> User-Agent: KMail/5.2.3 (Linux/4.8.0-32-generic; KDE/5.28.0; x86_64; ; ) In-Reply-To: <589f3521-af7e-488d-8bba-4465c3a78e8e@gmail.com> References: <4a185773-6144-69b8-a466-0e554732f12f@gentoo.org> <3374938.6WoLSc5MN8@mal> <589f3521-af7e-488d-8bba-4465c3a78e8e@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart35346654.88dxhCieDL"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-Archives-Salt: c98a76fe-44a3-4a4d-ac4a-b268ce227fd5 X-Archives-Hash: 5b0018199d2ae63a6a146b3453375a8c --nextPart35346654.88dxhCieDL Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" On Tuesday, January 3, 2017 9:24:19 AM EST Damien LEVAC wrote: > On 01/03/2017 09:14 AM, Michael Mol wrote: > > On Tuesday, January 3, 2017 12:05:10 PM EST Micha=C5=82 G=C3=B3rny wrot= e: > >> On Tue, 3 Jan 2017 16:00:52 +0700 (+07) > >>=20 > >> grozin@gentoo.org wrote: > >>> On Mon, 2 Jan 2017, Brian Evans wrote: > >>>> IMO, this one should be given last-rites as upstream is dead and it > >>>> heavily depends on wireless-tools and WEXT. > >>>=20 > >>> I use it on 2 notebooks. It works fine, and is (from my point of view) > >>> the > >>> most convenient tool to control ethernet and wifi connections on a > >>> notebook. Why lastrite it when it works? > >>=20 > >> This is the Gentoo Way=E2=84=A2. Having a working software is not a go= al. > >> Gentoo focuses on the best bleeding edge experience and therefore > >> highly relies on software packages that are under active development > >> and require active maintenance. The packages in early stages of > >> development are especially interesting since they can supply users > >> and developers with variety of interesting bugs and unpredictable > >> issues. > >=20 > > Do we have detailed treatise documenting the points and counterpoints to > > "Why lastrite it when it works?" It's a question that comes up every > > month or two, and the reasons, for and against, are probably mature > > enough to get numbers, now. > >=20 > > Reason #3 in favor: "It works for me" may only be valid from a particul= ar > > perspective. Without active maintenance, there may be subtle bugs that > > aren't immediately obvious. Bugs that aren't immediately obvious aren't > > always innocuous; sometimes they're insidious background data loss. Oth= er > > times, they might be security vulnerabilities no good guy has yet > > noticed. >=20 > ...and sometimes a package just stop being "actively" maintained because > it is feature-complete (as far as the goals of the project were > concerned) and just works. >=20 > The minimum conditions to lastrite something should be not actively > maintained _and_ with open bugs What happens when the bugs exist, but nobody knows they're there? Let's say= =20 someone got a copy of Coverity and ran it on long-stable, ridiculously matu= re=20 packages. They get a bunch of hits, but they keep it to themselves and inst= ead=20 develop exploits for the bugs they found. =46or security's sake, even mature software needs, at minimum, routine audi= ting.=20 Unless someone's doing that work, the package should be considered for=20 removal. (Call that reason # =CF=80, in honor of TeX.) (I'm really not trying to start yet another massive thread on the subject,= =20 hence my original question: Do we have a documented treatise on the questio= n?=20 Not "Gentoo's Official Policy", but rather the rationales and counterpoints= ?)=20 --nextPart35346654.88dxhCieDL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQEcBAABCAAGBQJYa7v1AAoJED5TcEBdxYwQmu8H/0rI1WvtYRuRrqWYaN2453Cv DBPYiZ4u5HDfm6wGsRvxCfNh0MInUuNn60f32ZQWzhcAGzHIq/kAxsHyGSJVLgZu EmHrS0dTZu5Vk9zQSWqjH4b1RCddi8yWCnDFk5hMh7qWa9uD8qfpOIfUHpudWLUb nAOTMqGk0oVm3kLAC4nHI3Ce7/B0GDLEqedn32aM7Gj7CQfJ0C2ON1SRtF+JDokz SYafBCVIy8EXfGGJ4OGb7zHeCC+u0PMle0Q+ZCi6cnR6pn/CzbuxuBlLbWsy5GGl kZ8MBu9ebjEcnPvcsti46nhklLSPcCdEl5uNpyNNWBZKlSFedGGaIv3nkfcwIRk= =8eSO -----END PGP SIGNATURE----- --nextPart35346654.88dxhCieDL--