On Wed, Jan 7, 2015 at 11:30 AM, William Hubbs <williamh@g.o> wrote:
> That's the whole point of a last rites, to get people to step up and
> take responsibility for packages. Also, this was cleared with the qa
> lead before it was ever sent out.

Define "take responsibility for packages." As far as I'm aware there
is no policy that requires maintainers to fix any upstream bug, and
security issues are almost always upstream bugs.

A package with a security bug for 10 years could be perfectly
well-maintained, with regular updates/etc as often as upstream
publishes them. Some software projects are fairly mature and don't
get a lot of upstream updates, so a package might be untouched for 5
years and have security issues and still be "well-maintained."

I think the solution to this is to have the community agree on just
what "well-maintained" actually means and documenting this as policy,
versus just making individual judgment calls. To be sure there will
still be grey areas, but I think that right now the policies are too
vague to try to enforce something like this.

>
> So I am operating clearly within the scope of qa, since the job of QA is
> to keep the tree in a consistent state for our users.
>
> So with all respect, I don't understand why this even needs to be
> escalated to the council.

There are many who would probably say that the tree is already in a
consistent state for our users. I realize that you feel otherwise,
and perhaps others in QA also feel otherwise. Maybe the vast majority
of the community would agree with you, but the whole reason for this
discussion and putting this on the Council agenda is so that we
can get a sense for what the community wants and then consistently
follow that as policy.

It makes far more sense to deal with general policy issues like this
before we start treecleaning than to just leave it up to QA, have
users switching to overlays, and then have it appealed to the council
and potentially have everything re-introduced to the main tree.

--
Rich