On Sun, 24 Mar 2013 19:40:07 -0400
Rich Freeman <rich0@g.o> wrote:

> On Sun, Mar 24, 2013 at 3:24 PM, Ian Stakenvicius <axs@g.o>
> wrote:
> > The number of open bugs doesn't really matter, it's what those bugs
> > are that matters -- security bugs, sure, are of a higher priority
> > and can be fairly easily detected in bugzilla.
>
> Well, our current treecleaner policy seems to be that if a package
> isn't maintained and has any bugs open at all it is fair game. The
> caveat to that is that trivial bugs are grounds for fixing instead of
> removals (bad DEPEND atoms, simple-to-fix, etc). Google the full
> policy for details.
>
> I think that a better policy would be rather than having any open
> non-trivial bugs we list the sorts of bugs that should be grounds for
> removal, such as:
>
> 1. Package does not build in the majority of cases on all archs.
> (Unkeywording is the solution for individual archs that are broken, if
> not easily fixable. Not building some of the time isn't grounds for
> removal.)
>
> 2. Package has an open security bug. (Cuneiform is a borderline case
> of this - no exploit/CVE but I wouldn't use it on a server being fed
> images submitted by strangers.)
>
> 3. Package is blocking another package. Maintained packages always
> take priority over unmaintained ones.
>
> Perhaps there are other cases which should be included, but I think
> this covers most of them. If a package isn't blocking anything else,
> doesn't have security problems, and works most of the time, then I
> think it should generally be kept.

This sounds very promising. Could we leave out point 2 though? Gentoo
puts a lot of decision power to users. Can it be so also in this case?
Users will have to be informed that the package has security issues of
course, for example, by mentioning it in the mask note.

Robert

--
Róbert Čerňanský
E-mail: openhs@×××××××××.com
Jabber: hs@××××××.sk