| 1 |
On Sun, 24 Mar 2013 19:40:07 -0400 |
| 2 |
Rich Freeman <rich0@g.o> wrote: |
| 3 |
|
| 4 |
> On Sun, Mar 24, 2013 at 3:24 PM, Ian Stakenvicius <axs@g.o> |
| 5 |
> wrote: |
| 6 |
> > The number of open bugs doesn't really matter, it's what those bugs |
| 7 |
> > are that matters -- security bugs, sure, are of a higher priority |
| 8 |
> > and can be fairly easily detected in bugzilla. |
| 9 |
> |
| 10 |
> Well, our current treecleaner policy seems to be that if a package |
| 11 |
> isn't maintained and has any bugs open at all it is fair game. The |
| 12 |
> caveat to that is that trivial bugs are grounds for fixing instead of |
| 13 |
> removals (bad DEPEND atoms, simple-to-fix, etc). Google the full |
| 14 |
> policy for details. |
| 15 |
> |
| 16 |
> I think that a better policy would be rather than having any open |
| 17 |
> non-trivial bugs we list the sorts of bugs that should be grounds for |
| 18 |
> removal, such as: |
| 19 |
> |
| 20 |
> 1. Package does not build in the majority of cases on all archs. |
| 21 |
> (Unkeywording is the solution for individual archs that are broken, if |
| 22 |
> not easily fixable. Not building some of the time isn't grounds for |
| 23 |
> removal.) |
| 24 |
> |
| 25 |
> 2. Package has an open security bug. (Cuneiform is a borderline case |
| 26 |
> of this - no exploit/CVE but I wouldn't use it on a server being fed |
| 27 |
> images submitted by strangers.) |
| 28 |
> |
| 29 |
> 3. Package is blocking another package. Maintained packages always |
| 30 |
> take priority over unmaintained ones. |
| 31 |
> |
| 32 |
> Perhaps there are other cases which should be included, but I think |
| 33 |
> this covers most of them. If a package isn't blocking anything else, |
| 34 |
> doesn't have security problems, and works most of the time, then I |
| 35 |
> think it should generally be kept. |
| 36 |
|
| 37 |
This souds very promising. Could we leave out point 2 though? Gentoo |
| 38 |
puts lot of decision power to users. Can it be so also in this case? |
| 39 |
Users will have to be informed that the package has security issues of |
| 40 |
course, for example, by mentioning it in the mask note. |
| 41 |
|
| 42 |
Robert |
| 43 |
|
| 44 |
|
| 45 |
-- |
| 46 |
Róbert Èeròanský |
| 47 |
E-mail: openhs@×××××××××.com |
| 48 |
Jabber: hs@××××××.sk |
Archives