| 1 |
On Tue, Sep 20, 2016 at 12:00 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
> On Friday, September 16, 2016 09:54:42 PM Duncan wrote: |
| 3 |
>> |
| 4 |
>> Why treeclean it, if it still works and can still be built against in- |
| 5 |
>> tree python? |
| 6 |
>> |
| 7 |
>> Sometimes mature packages don't get further maintenance because they |
| 8 |
>> "just work" as they are, and don't _need_ to eventually be bloated to |
| 9 |
>> include email and browsing functionality or whatever. |
| 10 |
>> |
| 11 |
>> Of course if it requires old python and eventually the last supported in- |
| 12 |
>> tree python is being removed, and nobody steps up to update it then, |
| 13 |
>> /then/ it should be removed from the tree as it'll be broken /then/, but |
| 14 |
>> that's not the case now, as Hanno explicitly said it still seems to work. |
| 15 |
> |
| 16 |
> It needs a maintainer. Are you offering? |
| 17 |
> |
| 18 |
> Packages without maintainers anywhere along the line (either local or |
| 19 |
> upstream) risk having security vulnerabilities go unfixed (or even |
| 20 |
> unacknowledged) simply from having nobody who actually cares about the |
| 21 |
> package. Very little "just works", even if it appears to, after a decade or |
| 22 |
> two of little to no modifications or maintenance, if only because hidden |
| 23 |
> assumptions the software makes about its environment cease to hold true. |
| 24 |
|
| 25 |
This is a general statement that could apply to any package, but in |
| 26 |
general it is not a policy that packages must be treecleaned simply |
| 27 |
because they're unmaintained. |
| 28 |
|
| 29 |
I'm all for removing packages as soon as they become a burden but not before. |
| 30 |
|
| 31 |
> So long as it continues to "just work", the work involved in being a proxy |
| 32 |
> maintainer should be next to nil. |
| 33 |
|
| 34 |
This is silly. It just encourages people to put their name down and |
| 35 |
not touch the package simply so that it doesn't get treecleaned. |
| 36 |
|
| 37 |
Heck, I've done this, maintaining one package that I don't think I've |
| 38 |
made a single commit to since I rescued it from treecleaning. If it |
| 39 |
ever becomes a burden on somebody else I'll happily remove it. It |
| 40 |
just seems silly, and it might actually reduce the incentive for |
| 41 |
somebody else to step up and actually maintain it because it doesn't |
| 42 |
go on list of maintainer-needed packages. In this way the rush to |
| 43 |
treeclean stuff that works actually results in stuff that is LESS |
| 44 |
maintained but still in the tree. |
| 45 |
|
| 46 |
-- |
| 47 |
Rich |
Archives