On Sat, Mar 23, 2019 at 10:17 AM Alec Warner <antarus@gentoo.org> wrote:
>
>
> Avoid letting the perfect be the enemy of the good here.

Indeed, we need to avoid treating packages as unmaintained simply
because they have open bugs.

Many packages have bugs that are fairly trivial in nature, or build
issues that only show up in fairly obscure configurations.  These
often affect only a single user.

If we treeclean the package we don't actually fix the problem - we
just drive it to an overlay.  Now instead of a package that works for
11/12 users and has an obscure but, we now have a package that isn't
getting monitored for security issues, and other QA issues that might
actually be fixed if they were pointed out.

> Rules:
> A package is unmaintained if it:
>   - Has not been touched in 5 years

Do we really want to bump packages just for the sake of saying that
they've been touched?  That seems a bit much.

>   - Is behind 3 versions AND hasn't been touched in 2 years

If we have the ability to detect if a package is behind upstream,
perhaps we should actually file bugs about this so that the maintainer
is aware.

However, the fact that a newer version exists doesn't necessarily mean
that there is a problem with the older version.  For some types of
software a maintainer might be picky about what updates they accept.
For example, they might need to synchronize versions with other
distros that update less often/etc.  They should of course accept
contributions from others willing to test, but the fact that somebody
is maintaining a package on Gentoo doesn't obligate them to always
support the latest version of that package.

Now, obviously if there is a security issue/etc then we should follow
the existing security policies, but those are already established.

--
Rich