| 1 |
160708 William Hubbs wrote: |
| 2 |
> On Fri, Jul 08, 2016 at 05:56:04PM +0300, Andrew Savchenko wrote: |
| 3 |
>> IMO the criteria should be whether they work or not, |
| 4 |
>> not whether upstream is more or less active. |
| 5 |
>> If they're blockers on other work, by all means cull them. |
| 6 |
>> However, if the biggest problem with them is |
| 7 |
>> that they're using a few inodes in the repo, they should probably stay. |
| 8 |
> There is an overlay for packages that are removed from the official tree |
| 9 |
> -- https://github.com/gentoo/graveyard -- |
| 10 |
> and that is where old software should go, |
| 11 |
> if it doesn't have an active maintainer. |
| 12 |
|
| 13 |
A lot of this lengthy discussion is missing some basic points, |
| 14 |
though a few people have mentioned them in passing. |
| 15 |
As someone who has used Gentoo exclusively since 2003 |
| 16 |
& who raised the objections to removal of Xcdroast + Nethack, |
| 17 |
let me try to get you all to focus on the real-life issues. |
| 18 |
|
| 19 |
(1) The fact that a pkg has little or no upstream support |
| 20 |
or that it doesn't have an active Gentoo maintainer |
| 21 |
is not a reason for removing it from the regular tree. |
| 22 |
|
| 23 |
One basic reason some software is no longer being actively developed |
| 24 |
is simply that they work perfectly well as they now are, |
| 25 |
eg the file manager Krusader & the desktop manager Fluxbox : |
| 26 |
both of these are very useful & have no drop-in replacements, |
| 27 |
but very little development has occurred for several years. |
| 28 |
The same is true of Xcdroast & Nethack, which have been threatened, |
| 29 |
but which have been rescued after some small patches have been applied. |
| 30 |
This is likely to be true of more + more pkgs, as time passes : |
| 31 |
even changes in the kernel these days rarely affect desktop users. |
| 32 |
|
| 33 |
(2) There are 3 basic categories of Gentoo user : |
| 34 |
(a) server-farm managers, (b) multi-user sysadmins, (c) single-users. |
| 35 |
Each of these have different security concerns : |
| 36 |
(a) need to be alert to the many threats from all over the Internet ; |
| 37 |
(b) need (among other things) to prevent privilege escalation ; |
| 38 |
(c) are largely immune to those types of threat, |
| 39 |
though a few of the Internet variety can affect them. |
| 40 |
|
| 41 |
The security objections raised against Xcdroast + Nethack |
| 42 |
were both problems which would arise only on multi-user systems, |
| 43 |
yet single-users were also to be deprived of access to them. |
| 44 |
Perhaps part of the problem is that many Gentoo developers |
| 45 |
also earn their livings as sysadmins with many users or many servers : |
| 46 |
the simpler happier world of single-users escapes their attention. |
| 47 |
|
| 48 |
(3) Users generally don't want to be developers : they're too busy or too old. |
| 49 |
Asking them "Are you willing to maintain it yourself ?" is a silly excuse ; |
| 50 |
offering them the chance to dig around in a graveyard is even worse ; |
| 51 |
even maintaining an overlay is a nuisance : I tried it with KDE Sunset. |
| 52 |
Neither Xcdroast nor Nethack belong in a graveyard of any kind : |
| 53 |
once the obscure security problems have been fixed, |
| 54 |
they belong in the regular tree marked 'stable', |
| 55 |
like many other pkgs whose development has been completed. |
| 56 |
|
| 57 |
Users all do -- or should -- appreciate the unpaid work of the developers, |
| 58 |
but developers also need to realise that without non-developer users |
| 59 |
Gentoo would very quickly die & their justified pride + satisfaction die too. |
| 60 |
|
| 61 |
(4) I have 3 simple recommendations to fix the everyday problems. |
| 62 |
|
| 63 |
(a) the justification for tree-cleaning should be explicitly |
| 64 |
that a pkg either (i) won't compile, (ii) crashes when run |
| 65 |
or (iii) has a serious security hole which affects all 3 types of user. |
| 66 |
|
| 67 |
(b) there needs to be a developer role 'General Maintainer', |
| 68 |
who should be available to look at pkgs which have no regular maintainer, |
| 69 |
but which compile, run properly & are generally secure : |
| 70 |
their job would be to step in, like Mr Savchenko -- thanks again -- , |
| 71 |
to fix small problems which would otherwise be neglected ; |
| 72 |
less formally, all developers might see it as part of their role |
| 73 |
to help out occasionally with such small problems. |
| 74 |
|
| 75 |
(c) Gentoo's rules + policies need explicitly to reflect the fact |
| 76 |
that there are 3 types of user, as described : |
| 77 |
eg some pkgs might be marked as 'not safe for multi-user systems' ; |
| 78 |
that would recognise real distinctions which are now being ignored. |
| 79 |
|
| 80 |
HTH & thanks as always to all of you for making Gentoo work since 2003. |
| 81 |
|
| 82 |
-- |
| 83 |
========================,,============================================ |
| 84 |
SUPPORT ___________//___, Philip Webb |
| 85 |
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto |
| 86 |
TRANSIT `-O----------O---' purslowatchassdotutorontodotca |
Archives