| 1 |
On Tue, Sep 20, 2016 at 9:00 AM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
|
| 3 |
> On Friday, September 16, 2016 09:54:42 PM Duncan wrote: |
| 4 |
> > Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as |
| 5 |
> > |
| 6 |
> > excerpted: |
| 7 |
> > > On 09/16/2016 02:31 PM, Hanno Böck wrote: |
| 8 |
> > >> media-gfx/skencil is a python-written vector graphics tool. It was |
| 9 |
> once |
| 10 |
> > >> popular before inkscape became the de-facto-standard. It hasn't seen |
| 11 |
> > >> any upstream activity for a decade(!), but surprisingly it still seems |
| 12 |
> > >> to work. |
| 13 |
> > >> |
| 14 |
> > >> I haven't used it for many years myself. |
| 15 |
> > >> |
| 16 |
> > >> There are 4 open bugs in bugzilla. |
| 17 |
> > >> |
| 18 |
> > >> Anyone interested in taking it? (else the usual: will be reassigned to |
| 19 |
> > >> maintainer-needed) |
| 20 |
> > > |
| 21 |
> > > Also sounds like a candidate for treecleaning / moving to an overlay |
| 22 |
> and |
| 23 |
> > > not keeping non-upstream maintained things in tree if nobody want to |
| 24 |
> > > take the maintainer burden of it. |
| 25 |
> > |
| 26 |
> > Why treeclean it, if it still works and can still be built against in- |
| 27 |
> > tree python? |
| 28 |
> > |
| 29 |
> > Sometimes mature packages don't get further maintenance because they |
| 30 |
> > "just work" as they are, and don't _need_ to eventually be bloated to |
| 31 |
> > include email and browsing functionality or whatever. |
| 32 |
> > |
| 33 |
> > Of course if it requires old python and eventually the last supported in- |
| 34 |
> > tree python is being removed, and nobody steps up to update it then, |
| 35 |
> > /then/ it should be removed from the tree as it'll be broken /then/, but |
| 36 |
> > that's not the case now, as Hanno explicitly said it still seems to work. |
| 37 |
> |
| 38 |
> It needs a maintainer. Are you offering? |
| 39 |
> |
| 40 |
> Packages without maintainers anywhere along the line (either local or |
| 41 |
> upstream) risk having security vulnerabilities go unfixed (or even |
| 42 |
> unacknowledged) simply from having nobody who actually cares about the |
| 43 |
> package. Very little "just works", even if it appears to, after a decade or |
| 44 |
> two of little to no modifications or maintenance, if only because hidden |
| 45 |
> assumptions the software makes about its environment cease to hold true. |
| 46 |
> |
| 47 |
> |
| 48 |
The current policy is to not remove stuff unless it is actually broken. |
| 49 |
|
| 50 |
-A |
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
> So long as it continues to "just work", the work involved in being a proxy |
| 55 |
> maintainer should be next to nil. If it doesn't continue to just work, |
| 56 |
> then at |
| 57 |
> least you have a better idea about what's going on...you might even find |
| 58 |
> effective ways to deal with the problem, either by fixing the package |
| 59 |
> yourself |
| 60 |
> or providing backpressure on the environment changes that have broken (or |
| 61 |
> threaten to break) it. |
| 62 |
> |
| 63 |
> -- |
| 64 |
> :wq |
Archives