| 1 |
On Thursday, July 07, 2016 06:37:09 AM Duncan wrote: |
| 2 |
> J. Roeleveld posted on Wed, 06 Jul 2016 20:22:57 +0200 as excerpted: |
| 3 |
> > On Thursday, June 30, 2016 10:30:07 PM Aaron Bauman wrote: |
| 4 |
> >> # Aaron Bauman <bman@g.o> (30 Jun 2016) |
| 5 |
> >> # Unpatched security vulnerability per bug #509920. |
| 6 |
> >> # Removal in 30 days www-apps/egroupware |
| 7 |
> > |
| 8 |
> > Why is this bug being used to treeclean egroupware? |
| 9 |
> > |
| 10 |
> > Why is bug 461212 not being used to actually resolve the issue? |
| 11 |
> > If I would actually be confident that it would actually be used, I would |
| 12 |
> > have no issue on trying to get my latest ebuild ( version 14.3.20160525 |
| 13 |
> > ) converted to the latest standards. |
| 14 |
> |
| 15 |
> According to equery meta, egroupware has no individual developer |
| 16 |
> maintainer and no proxied maintainer, only the webapps project as |
| 17 |
> maintainer. And apparently there, nobody has been specifically |
| 18 |
> interested in egroupware, so it has fallen thru the cracks to some |
| 19 |
> degree, tho newer versions /may/ be in the webapps-experimental overlay. |
| 20 |
|
| 21 |
I tried contacting the web-apps project directly, but never received a reply. |
| 22 |
|
| 23 |
> Here's the webapps project wiki page: |
| 24 |
> |
| 25 |
> https://wiki.gentoo.org/wiki/Project:Webapps |
| 26 |
> |
| 27 |
> That has this to say when discussing the overlay, quote: |
| 28 |
> |
| 29 |
.... |
| 30 |
> |
| 31 |
> The overlay can be found here: |
| 32 |
> https://cgit.gentoo.org/proj/webapps-experimental.git/ |
| 33 |
|
| 34 |
Last commit in 2011. |
| 35 |
|
| 36 |
> Warning |
| 37 |
> Please remember that the applications available through the overlay might |
| 38 |
> compromise the security of your server! |
| 39 |
> |
| 40 |
> The overlay is an ideal playground for new developers wishing to join our |
| 41 |
> team. Once we see that you are capable of writing ebuilds of reasonable |
| 42 |
> quality, we can provide you with commit rights to the overlay. |
| 43 |
> |
| 44 |
> End quote. |
| 45 |
> |
| 46 |
> |
| 47 |
> So it's possible newer versions are in the overlay, and they simply |
| 48 |
> decided it was too much of a load to keep a version in the tree as well. |
| 49 |
> |
| 50 |
> If there /aren't/ newer versions in the overlay, presumably it's because |
| 51 |
> nobody that has access has been interested in maintaining it in the |
| 52 |
> overlay either. |
| 53 |
> |
| 54 |
> Either way, given your obvious interest, I'd suggest contacting them |
| 55 |
> about overlay commit rights, and/or volunteering to be the proxied |
| 56 |
> maintainer for this particular package. |
| 57 |
|
| 58 |
Is there a way of finding out who are actually in the web-app project and which |
| 59 |
of them would be able and willing to work with me on this and other web |
| 60 |
applications that I actively use? |
| 61 |
|
| 62 |
From the lack of response to the email and lack of updates on the overlay, the |
| 63 |
project seems dead to me. |
| 64 |
|
| 65 |
-- |
| 66 |
Joost |
Archives