| 1 |
On Sun, Mar 24, 2013 at 4:40 PM, Rich Freeman <rich0@g.o> wrote: |
| 2 |
> On Sun, Mar 24, 2013 at 3:24 PM, Ian Stakenvicius <axs@g.o> wrote: |
| 3 |
>> The number of open bugs doesn't really matter, it's what those bugs |
| 4 |
>> are that matters -- security bugs, sure, are of a higher priority and |
| 5 |
>> can be fairly easily detected in bugzilla. |
| 6 |
> |
| 7 |
> Well, our current treecleaner policy seems to be that if a package |
| 8 |
> isn't maintained and has any bugs open at all it is fair game. The |
| 9 |
> caveat to that is that trivial bugs are grounds for fixing instead of |
| 10 |
> removals (bad DEPEND atoms, simple-to-fix, etc). Google the full |
| 11 |
> policy for details. |
| 12 |
|
| 13 |
So Treecleaners exists to do two jobs. |
| 14 |
|
| 15 |
1) Keep the number of packages in the tree from growing out of |
| 16 |
control. It is easier to add software to the tree than to remove it. |
| 17 |
There is no policy for adding software to the tree (in terms of |
| 18 |
minimum # of users, etc.) There is a policy for removal. Prior to the |
| 19 |
policy being adopted, I would remove packages without notice (or |
| 20 |
often, without masking.) This angered people, which is why the policy |
| 21 |
was adopted; to inform users why a package was being removed, and what |
| 22 |
they could do about it. This is why the masks exist at all. |
| 23 |
|
| 24 |
2) Remove dead packages. This is perhaps the more hotly debated |
| 25 |
section. My intention was not to remove packages that compiled and |
| 26 |
worked, but had bugs. I think your statement about buggy packages is |
| 27 |
apt. In many cases the target of TreeCleaners was portions of the tree |
| 28 |
that were basically under-maintained and dead. This consisted of |
| 29 |
software that did not build, or built, but did not run. Generally |
| 30 |
security bugs were already taken by security@ (in 2007 anyway.) |
| 31 |
|
| 32 |
Sometimes users are using dead packages. One of the reasons why |
| 33 |
proxy-maint was established was to get interested users to step up and |
| 34 |
maintain the packages they wanted; in the beginning I wanted |
| 35 |
TreeCleaners to be 'maintainer-needed' and fix up all the broken |
| 36 |
packages. Sadly though, there are too many broken packages for such a |
| 37 |
small team. |
| 38 |
|
| 39 |
-A |
| 40 |
|
| 41 |
> |
| 42 |
> I think that a better policy would be rather than having any open |
| 43 |
> non-trivial bugs we list the sorts of bugs that should be grounds for |
| 44 |
> removal, such as: |
| 45 |
> |
| 46 |
> 1. Package does not build in the majority of cases on all archs. |
| 47 |
> (Unkeywording is the solution for individual archs that are broken, if |
| 48 |
> not easily fixable. Not building some of the time isn't grounds for |
| 49 |
> removal.) |
| 50 |
> |
| 51 |
> 2. Package has an open security bug. (Cuneiform is a borderline case |
| 52 |
> of this - no exploit/CVE but I wouldn't use it on a server being fed |
| 53 |
> images submitted by strangers.) |
| 54 |
> |
| 55 |
> 3. Package is blocking another package. Maintained packages always |
| 56 |
> take priority over unmaintained ones. |
| 57 |
> |
| 58 |
> Perhaps there are other cases which should be included, but I think |
| 59 |
> this covers most of them. If a package isn't blocking anything else, |
| 60 |
> doesn't have security problems, and works most of the time, then I |
| 61 |
> think it should generally be kept. |
| 62 |
> |
| 63 |
> Rich |
| 64 |
> |
Archives