1 |
On Tue, Sep 20, 2016 at 12:00 PM, Michael Mol <mikemol@×××××.com> wrote: |
2 |
> On Friday, September 16, 2016 09:54:42 PM Duncan wrote: |
3 |
>> |
4 |
>> Why treeclean it, if it still works and can still be built against in- |
5 |
>> tree python? |
6 |
>> |
7 |
>> Sometimes mature packages don't get further maintenance because they |
8 |
>> "just work" as they are, and don't _need_ to eventually be bloated to |
9 |
>> include email and browsing functionality or whatever. |
10 |
>> |
11 |
>> Of course if it requires old python and eventually the last supported in- |
12 |
>> tree python is being removed, and nobody steps up to update it then, |
13 |
>> /then/ it should be removed from the tree as it'll be broken /then/, but |
14 |
>> that's not the case now, as Hanno explicitly said it still seems to work. |
15 |
> |
16 |
> It needs a maintainer. Are you offering? |
17 |
> |
18 |
> Packages without maintainers anywhere along the line (either local or |
19 |
> upstream) risk having security vulnerabilities go unfixed (or even |
20 |
> unacknowledged) simply from having nobody who actually cares about the |
21 |
> package. Very little "just works", even if it appears to, after a decade or |
22 |
> two of little to no modifications or maintenance, if only because hidden |
23 |
> assumptions the software makes about its environment cease to hold true. |
24 |
|
25 |
This is a general statement that could apply to any package, but in |
26 |
general it is not a policy that packages must be treecleaned simply |
27 |
because they're unmaintained. |
28 |
|
29 |
I'm all for removing packages as soon as they become a burden but not before. |
30 |
|
31 |
> So long as it continues to "just work", the work involved in being a proxy |
32 |
> maintainer should be next to nil. |
33 |
|
34 |
This is silly. It just encourages people to put their name down and |
35 |
not touch the package simply so that it doesn't get treecleaned. |
36 |
|
37 |
Heck, I've done this, maintaining one package that I don't think I've |
38 |
made a single commit to since I rescued it from treecleaning. If it |
39 |
ever becomes a burden on somebody else I'll happily remove it. It |
40 |
just seems silly, and it might actually reduce the incentive for |
41 |
somebody else to step up and actually maintain it because it doesn't |
42 |
go on list of maintainer-needed packages. In this way the rush to |
43 |
treeclean stuff that works actually results in stuff that is LESS |
44 |
maintained but still in the tree. |
45 |
|
46 |
-- |
47 |
Rich |