Re: Quake3 security issue and non-responsive maintainer: Xavier Lamien

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/11/2010 10:03 PM, Thomas Spura wrote:
> Am Dienstag, den 11.05.2010, 17:47 +0800 schrieb Chen Lei:
>>
>>
>> 2010/5/11 Rahul Sundaram <metherid@xxxxxxxxx>
>>         Hi
>>         
>>         https://admin.fedoraproject.org/pkgdb/acls/bugs/quake3
>>         
>>         Quake 3 engine needs to be updated.  The current version has
>>         security
>>         issues and breaks multiplayer in a couple of Quake3 based
>>         games such as
>>         OpenArena.  The maintainer has not responded in bugzilla since
>>         March and
>>         has not responded to private email either.  I would like to
>>         invoke the
>>         fast track process.   Meanwhile, I will be much obliged if
>>         someone
>>         updates Quake 3 to the latest version available and push out
>>         updates for
>>         Fedora 13 and 12.
>>
>> It seems a lot of trivial packages in fedora are unmaintained for a
>> long time, even those maintainers may still be active in fedora
>> community.  Maybe setting up an automatic orphan policy combining with
>> a package QA page is necessary now.
> 
> A big +1!
> 
> Gentoo has the same [1]:
> "Any developer suspected to be inactive for a period in excess of 60
> days may be subject to retirement. Developer Relations will first
> research and assess the situation, attempt to contact the developer, or
> if attempts are unsuccessful may chose to retire the developer. Please
> note that if you are in devaway for more than 60 days, you may also be
> considered inactive, however, return dates will be taken into
> consideration. If you are retired due to inactivity and wish to return,
> you need only contact Recruiters to begin the recruitment process again.
> "

I will just add link to Gentoo "devaway" system[1] of notifying other
developers/users/etc that they will not be participating in community
for longer periods of time. Policy is to say approximately when you will
be returning to "full duty" and also to specify what to do with bugs for
packages that person is maintaining. Gentoo has more lenient ACLs as far
as CVS access is concerned though (everyone can touch everyone's files)
so there is no need to setup additional permissions (as Fedora
maintainers would have to do).

Perhaps this approach could be somehow integrated. When developer sets
"away" flag (in pkgdb or somewhere else) and there is no other
co-maintainer anyone will be able to touch his spec files, not just
provenpackagers.


[1] http://dev.gentoo.org/devaway/

-- 
Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx>
Associate Software Engineer - Base Operating Systems Brno

PGP: 71A1677C
Red Hat Inc.                               http://cz.redhat.com

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux