orphans (was: gimp-print-cups)

Michael Schwendt bugs.michael at gmx.net
Wed Feb 23 20:38:50 UTC 2005


On Wed, 23 Feb 2005 15:10:36 -0500 (EST), Greg DeKoenigsberg wrote:

> 
> On Wed, 23 Feb 2005, Jef Spaleta wrote:
> 
> > On Wed, 2005-02-23 at 14:35, Jesse Keating wrote:
> > > Seems a bit overkill.  Why not just a mail to fedora-list or something
> > 
> > Lists are a blackhole...
> 
> Exactly.  We make this mistake repeatedly.  Information that should be 
> PERSISTENT and ORGANIZED ("this is stuff we need to take care of") is, 
> instead, TRANSITORY and DISORGANIZED ("which mailing list archive should I 
> be combing through again?")
> 
> /me goes to put this on the list of TODOs -- list of orphaned/abandoned 
> packages.  I asked mschwendt if he'd be willing to tackle policy on this, 
> but no word yet.  :-)

The list itself is not the problem. We do have such a list already in
the Wiki, albeit mostly free-form for now. Questions to answer will be,
for instance:

  Where to report a potentially unmaintained package? Usually, a random
  user requests an upgrade in bugzilla. Sometimes this is due to
  impatience, sometimes the included package is really out-of-date.

  Who notices when a package owner doesn't seem to reply to bug reports or
  upgrade requests? Create a separate issue tracker? Use bugzilla? Use a
  special contact address?

  Use a well-defined protocol with how to probe whether a primary package
  owner cannot be reached anymore: Mail, wait for reply for XX days,
  announce package ownership change publicly, Cc old owner, wait X days,
  then make permanent?

  How long to wait before deleting binaries from a repository?  (software
  getting out-of-date compared with upstream releases, risk of
  undiscovered security vulnerabilities, critical incompatibilities
  upon distribution version upgrade)

  What to do with packages in fedora.us? When to declare the old Extras
  for RHL9/FC1 as "unsupported" (end-of-life)? What to do when package
  owner no longer can test updates on an old distribution version? Revise
  the "pending" step and publish builds without verification (we do this
  in FC3 Extras, too!)? If an extra package for an old (or legacy)
  distribution is no longer being maintained actively, do we pull it
  (because of risk of security vulnerabilities) or only declare it
  unmaintained/orphaned? Or do we published untested builds (which are
  only assumed to work because they build) in a separate "testing"
  repository and community QA contributors can vote on promoting updates
  into the main repository?




More information about the Fedora-maintainers mailing list