| 1 |
On Thu, 21 Jan 2016 18:25:21 +0100 |
| 2 |
Kristian Fiskerstrand <k_f@g.o> wrote: |
| 3 |
|
| 4 |
> On 01/21/2016 06:15 PM, Alexis Ballier wrote: |
| 5 |
> > On Thu, 21 Jan 2016 10:53:58 -0600 |
| 6 |
> > William Hubbs <williamh@g.o> wrote: |
| 7 |
> > |
| 8 |
> >> I would like to see a possible timelimit set on how long packages |
| 9 |
> >> can stay in maintainer-needed; once a package goes there, if we |
| 10 |
> >> can't find someone to maintain it, we should consider booting it |
| 11 |
> >> after that time limit passes. |
| 12 |
> > |
| 13 |
> > Note that maintainer-needed doesn't necessarily mean package is |
| 14 |
> > crap. Some simply don't really need a maintainer because they just |
| 15 |
> > work. |
| 16 |
> > |
| 17 |
> > |
| 18 |
> |
| 19 |
> However it can cause complications when issues are detected, in |
| 20 |
> particular security relevant ones. Attaching a CSV of bugs assigned to |
| 21 |
> security with maintainer-needed CCed. |
| 22 |
> |
| 23 |
> e.g app-text/htmltidy has multiple reverse dependecies but is itself |
| 24 |
> maintainer needed with at least two vulnerabilities (bug 561452) |
| 25 |
> |
| 26 |
|
| 27 |
well, 'not ( forall x, x is m-n, x is crap )' and 'exists x, x is |
| 28 |
m-n, x is crap' don't necessarily disagree either :) |
Archives