On Wed, 23 Feb 2005 15:10:36 -0500 (EST), Greg DeKoenigsberg wrote:
>
> On Wed, 23 Feb 2005, Jef Spaleta wrote:
>
> > On Wed, 2005-02-23 at 14:35, Jesse Keating wrote:
> > > Seems a bit overkill. Why not just a mail to fedora-list or something
> >
> > Lists are a blackhole...
>
> Exactly. We make this mistake repeatedly. Information that should be
> PERSISTENT and ORGANIZED ("this is stuff we need to take care of") is,
> instead, TRANSITORY and DISORGANIZED ("which mailing list archive should I
> be combing through again?")
>
> /me goes to put this on the list of TODOs -- list of orphaned/abandoned
> packages. I asked mschwendt if he'd be willing to tackle policy on this,
> but no word yet. :-)
The list itself is not the problem. We do have such a list already in
the Wiki, albeit mostly free-form for now. Questions to answer will be,
for instance:
Where to report a potentially unmaintained package? Usually, a random
user requests an upgrade in bugzilla. Sometimes this is due to
impatience, sometimes the included package is really out-of-date.
Who notices when a package owner doesn't seem to reply to bug reports or
upgrade requests? Create a separate issue tracker? Use bugzilla? Use a
special contact address?
Use a well-defined protocol with how to probe whether a primary package
owner cannot be reached anymore: Mail, wait for reply for XX days,
announce package ownership change publicly, Cc old owner, wait X days,
then make permanent?
How long to wait before deleting binaries from a repository? (software
getting out-of-date compared with upstream releases, risk of
undiscovered security vulnerabilities, critical incompatibilities
upon distribution version upgrade)
What to do with packages in fedora.us? When to declare the old Extras
for RHL9/FC1 as "unsupported" (end-of-life)? What to do when package
owner no longer can test updates on an old distribution version? Revise
the "pending" step and publish builds without verification (we do this
in FC3 Extras, too!)? If an extra package for an old (or legacy)
distribution is no longer being maintained actively, do we pull it
(because of risk of security vulnerabilities) or only declare it
unmaintained/orphaned? Or do we published untested builds (which are
only assumed to work because they build) in a separate "testing"
repository and community QA contributors can vote on promoting updates
into the main repository?
