| 1 |
On Wed, Jan 7, 2015 at 11:30 AM, William Hubbs <williamh@g.o> wrote: |
| 2 |
> That's the whole point of a last rites, to get people to step up and |
| 3 |
> take responsibility for packages. Also, this was cleared with the qa |
| 4 |
> lead before it was ever sent out. |
| 5 |
|
| 6 |
Define "take responsibility for packages." As far as I'm aware there |
| 7 |
is no policy that requires maintainers to fix any upstream bug, and |
| 8 |
security issues are almost always upstream bugs. |
| 9 |
|
| 10 |
A package with a security bug for 10 years could be perfectly |
| 11 |
well-maintained, with regular updates/etc as often as upstream |
| 12 |
publishes them. Some software projects are fairly mature and don't |
| 13 |
get a lot of upstream updates, so a package might be untouched for 5 |
| 14 |
years and have security issues and still be "well-maintained." |
| 15 |
|
| 16 |
I think the solution to this is to have the community agree on just |
| 17 |
what "well-maintained" actually means and documenting this as policy, |
| 18 |
versus just making individual judgment calls. To be sure there will |
| 19 |
still be grey areas, but I think that right now the policies are too |
| 20 |
vague to try to enforce something like this. |
| 21 |
|
| 22 |
> |
| 23 |
> So I am operating clearly within the scope of qa, since the job of QA is |
| 24 |
> to keep the tree in a consistent state for our users. |
| 25 |
> |
| 26 |
> So with all respect, I don't understand why this even needs to be |
| 27 |
> escalated to the council. |
| 28 |
|
| 29 |
There are many who would probably say that the tree is already in a |
| 30 |
consistent state for our users. I realize that you feel otherwise, |
| 31 |
and perhaps others in QA also feel otherwise. Maybe the vast majority |
| 32 |
of the community would agree with you, but the whole reason for this |
| 33 |
discussion and putting this on the Council agenda is so that we can |
| 34 |
can get a sense for what the community wants and then consistently |
| 35 |
follow that as policy. |
| 36 |
|
| 37 |
It makes far more sense to deal with general policy issues like this |
| 38 |
before we start treecleaning than to just leave it up to QA, have |
| 39 |
users switching to overlays, and then have it appealed to the council |
| 40 |
and potentially have everything re-introduced to the main tree. |
| 41 |
|
| 42 |
-- |
| 43 |
Rich |
Archives