1 |
On Sun, Mar 24, 2013 at 4:40 PM, Rich Freeman <rich0@g.o> wrote: |
2 |
> On Sun, Mar 24, 2013 at 3:24 PM, Ian Stakenvicius <axs@g.o> wrote: |
3 |
>> The number of open bugs doesn't really matter, it's what those bugs |
4 |
>> are that matters -- security bugs, sure, are of a higher priority and |
5 |
>> can be fairly easily detected in bugzilla. |
6 |
> |
7 |
> Well, our current treecleaner policy seems to be that if a package |
8 |
> isn't maintained and has any bugs open at all it is fair game. The |
9 |
> caveat to that is that trivial bugs are grounds for fixing instead of |
10 |
> removals (bad DEPEND atoms, simple-to-fix, etc). Google the full |
11 |
> policy for details. |
12 |
|
13 |
So Treecleaners exists to do two jobs. |
14 |
|
15 |
1) Keep the number of packages in the tree from growing out of |
16 |
control. It is easier to add software to the tree than to remove it. |
17 |
There is no policy for adding software to the tree (in terms of |
18 |
minimum # of users, etc.) There is a policy for removal. Prior to the |
19 |
policy being adopted, I would remove packages without notice (or |
20 |
often, without masking.) This angered people, which is why the policy |
21 |
was adopted; to inform users why a package was being removed, and what |
22 |
they could do about it. This is why the masks exist at all. |
23 |
|
24 |
2) Remove dead packages. This is perhaps the more hotly debated |
25 |
section. My intention was not to remove packages that compiled and |
26 |
worked, but had bugs. I think your statement about buggy packages is |
27 |
apt. In many cases the target of TreeCleaners was portions of the tree |
28 |
that were basically under-maintained and dead. This consisted of |
29 |
software that did not build, or built, but did not run. Generally |
30 |
security bugs were already taken by security@ (in 2007 anyway.) |
31 |
|
32 |
Sometimes users are using dead packages. One of the reasons why |
33 |
proxy-maint was established was to get interested users to step up and |
34 |
maintain the packages they wanted; in the beginning I wanted |
35 |
TreeCleaners to be 'maintainer-needed' and fix up all the broken |
36 |
packages. Sadly though, there are too many broken packages for such a |
37 |
small team. |
38 |
|
39 |
-A |
40 |
|
41 |
> |
42 |
> I think that a better policy would be rather than having any open |
43 |
> non-trivial bugs we list the sorts of bugs that should be grounds for |
44 |
> removal, such as: |
45 |
> |
46 |
> 1. Package does not build in the majority of cases on all archs. |
47 |
> (Unkeywording is the solution for individual archs that are broken, if |
48 |
> not easily fixable. Not building some of the time isn't grounds for |
49 |
> removal.) |
50 |
> |
51 |
> 2. Package has an open security bug. (Cuneiform is a borderline case |
52 |
> of this - no exploit/CVE but I wouldn't use it on a server being fed |
53 |
> images submitted by strangers.) |
54 |
> |
55 |
> 3. Package is blocking another package. Maintained packages always |
56 |
> take priority over unmaintained ones. |
57 |
> |
58 |
> Perhaps there are other cases which should be included, but I think |
59 |
> this covers most of them. If a package isn't blocking anything else, |
60 |
> doesn't have security problems, and works most of the time, then I |
61 |
> think it should generally be kept. |
62 |
> |
63 |
> Rich |
64 |
> |