| 1 |
Alec Warner posted on Tue, 20 Sep 2016 19:06:11 -0700 as excerpted: |
| 2 |
|
| 3 |
> On Tue, Sep 20, 2016 at 9:00 AM, Michael Mol <mikemol@×××××.com> wrote: |
| 4 |
> |
| 5 |
>> On Friday, September 16, 2016 09:54:42 PM Duncan wrote: |
| 6 |
>> > Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as |
| 7 |
>> > |
| 8 |
>> > excerpted: |
| 9 |
>> > > On 09/16/2016 02:31 PM, Hanno Böck wrote: |
| 10 |
>> > >> media-gfx/skencil is a python-written vector graphics tool. It was |
| 11 |
>> once |
| 12 |
>> > >> popular before inkscape became the de-facto-standard. It hasn't |
| 13 |
>> > >> seen any upstream activity for a decade(!), but surprisingly it |
| 14 |
>> > >> still seems to work. |
| 15 |
>> > >> |
| 16 |
>> > >> I haven't used it for many years myself. |
| 17 |
>> > >> |
| 18 |
>> > >> There are 4 open bugs in bugzilla. |
| 19 |
>> > >> |
| 20 |
>> > >> Anyone interested in taking it? (else the usual: will be |
| 21 |
>> > >> reassigned to maintainer-needed) |
| 22 |
>> > > |
| 23 |
>> > > Also sounds like a candidate for treecleaning / moving to an |
| 24 |
>> > > overlay |
| 25 |
>> and |
| 26 |
>> > > not keeping non-upstream maintained things in tree if nobody want |
| 27 |
>> > > to take the maintainer burden of it. |
| 28 |
>> > |
| 29 |
>> > Why treeclean it, if it still works and can still be built against |
| 30 |
>> > in- tree python? |
| 31 |
>> > |
| 32 |
>> > Sometimes mature packages don't get further maintenance because they |
| 33 |
>> > "just work" as they are, and don't _need_ to eventually be bloated to |
| 34 |
>> > include email and browsing functionality or whatever. |
| 35 |
>> > |
| 36 |
>> > Of course if it requires old python and eventually the last supported |
| 37 |
>> > in- |
| 38 |
>> > tree python is being removed, and nobody steps up to update it then, |
| 39 |
>> > /then/ it should be removed from the tree as it'll be broken /then/, |
| 40 |
>> > but that's not the case now, as Hanno explicitly said it still seems |
| 41 |
>> > to work. |
| 42 |
>> |
| 43 |
>> It needs a maintainer. Are you offering? |
| 44 |
>> |
| 45 |
>> Packages without maintainers anywhere along the line (either local or |
| 46 |
>> upstream) risk having security vulnerabilities go unfixed (or even |
| 47 |
>> unacknowledged) simply from having nobody who actually cares about the |
| 48 |
>> package. Very little "just works", even if it appears to, after a |
| 49 |
>> decade or two of little to no modifications or maintenance, if only |
| 50 |
>> because hidden assumptions the software makes about its environment |
| 51 |
>> cease to hold true. |
| 52 |
>> |
| 53 |
>> |
| 54 |
> The current policy is to not remove stuff unless it is actually broken. |
| 55 |
|
| 56 |
Yes. Switch it to maintainer-needed and put an ewarn to that effect if |
| 57 |
desired, but if it still works and isn't bothering anyone, policy /has/ |
| 58 |
been to leave it in the tree. |
| 59 |
|
| 60 |
This is what I was getting at. Why is it being removed, against policy, |
| 61 |
if it still works? (Or did the policy change at some point and I just |
| 62 |
missed it, but apparently not, given Rich0's and Antarus' replies.) |
| 63 |
|
| 64 |
I don't use the package myself and have no personal interest in it. I |
| 65 |
simply wondered what was going on with removal of an apparently working |
| 66 |
package that doesn't seem to be causing anyone problems, in contravention |
| 67 |
of what I understood to be gentoo tree-cleaning policy, thus the question. |
| 68 |
|
| 69 |
Plus, /someone/ might use it, and (unless it's proprietary, I don't/can't- |
| 70 |
legally use those as I can't agree to the EULAs, etc) for all I know |
| 71 |
something might change and I might find myself being that /someone/ that |
| 72 |
would have used it, had I spoke up back when an unbroken package was |
| 73 |
being removed for no good reason, except I didn't and it was removed, and |
| 74 |
thus I never knew I /could/ have used it as it was gone by the time I |
| 75 |
found I needed something with that functionality. |
| 76 |
|
| 77 |
|
| 78 |
Meanwhile, if there's a security issue, there's a security project to |
| 79 |
take care of that, regardless of whether there's a maintainer or not. |
| 80 |
And if there's no maintainer and there's a security issue, then the |
| 81 |
package _is_ broken and can be masked and tree-cleaned then. |
| 82 |
|
| 83 |
-- |
| 84 |
Duncan - List replies preferred. No HTML msgs. |
| 85 |
"Every nonfree program has a lord, a master -- |
| 86 |
and if you use the program, he is your master." Richard Stallman |
Archives