1 |
On Thu, 21 Jan 2016 18:25:21 +0100 |
2 |
Kristian Fiskerstrand <k_f@g.o> wrote: |
3 |
|
4 |
> On 01/21/2016 06:15 PM, Alexis Ballier wrote: |
5 |
> > On Thu, 21 Jan 2016 10:53:58 -0600 |
6 |
> > William Hubbs <williamh@g.o> wrote: |
7 |
> > |
8 |
> >> I would like to see a possible timelimit set on how long packages |
9 |
> >> can stay in maintainer-needed; once a package goes there, if we |
10 |
> >> can't find someone to maintain it, we should consider booting it |
11 |
> >> after that time limit passes. |
12 |
> > |
13 |
> > Note that maintainer-needed doesn't necessarily mean package is |
14 |
> > crap. Some simply don't really need a maintainer because they just |
15 |
> > work. |
16 |
> > |
17 |
> > |
18 |
> |
19 |
> However it can cause complications when issues are detected, in |
20 |
> particular security relevant ones. Attaching a CSV of bugs assigned to |
21 |
> security with maintainer-needed CCed. |
22 |
> |
23 |
> e.g app-text/htmltidy has multiple reverse dependecies but is itself |
24 |
> maintainer needed with at least two vulnerabilities (bug 561452) |
25 |
> |
26 |
|
27 |
well, 'not ( forall x, x is m-n, x is crap )' and 'exists x, x is |
28 |
m-n, x is crap' don't necessarily disagree either :) |