1 |
On Sun, Jul 21, 2013 at 11:22 AM, hasufell <hasufell@g.o> wrote: |
2 |
> I am maintaining it for some months now and it has reached a state |
3 |
> where we should think about treecleaning it. |
4 |
|
5 |
++ |
6 |
|
7 |
> Maintaining a package in gentoo implies a few things for me: |
8 |
> We are able to support it properly which either means that we can |
9 |
> communicate with upstream or at least (if that fails) fix bugs on our |
10 |
> own. Currently, both does not apply to googleearth which means we |
11 |
> cannot resolve a lot of bugs in any way. |
12 |
> Also... software in the tree should meet a minimum of quality and we |
13 |
> should not support vulnerable and broken software officially. |
14 |
|
15 |
From your description it seems like Google Earth is really pushing it. |
16 |
I wouldn't call it "vulnerable" and "broken" though - software is |
17 |
only vulnerable if there is a known exploit. Bundling libraries is |
18 |
bad practice because it increases the risk of such vulnerabilities |
19 |
existing, but on its own shouldn't be grounds for removal. It |
20 |
certainly has the potential to increase the workload for maintainers |
21 |
though. |
22 |
|
23 |
My sense is that none of the problems you listed should really be |
24 |
considered a reason that something MUST be removed from the tree, but |
25 |
they certainly tend to add up. If somebody wants to take over |
26 |
wrestling with it I don't think we should look down on that though. |
27 |
|
28 |
Rich |