Miro Hrončok <mhroncok@xxxxxxxxxx> writes: > On 06. 01. 20 12:44, Peter Robinson wrote: > >>> As said in the e-mail, if you think the policy needs to be adapted, >>> please discuss - I have made sure the recent changes in the policy >>> are discussed with the community, especially since you were so angry >>> when I followed the previous one. Unfortunately, there was no input >>> from you when the policy was discussed, despite me repeatedly asking >>> you to stop being angry at me and participate in the policy >>> discussion instead. >> >> What recent discussions, I've not actually looked at a lot of Fedora >> related stuff much since August because of constant travel and things >> related directly to my $dayjob so I likely missed any of the >> discussion if it's happened since then. > > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/NKFYAWL4GWYR37C6XA63JMNBZYEM6BI3/ > >> Angry, I wasn't angry, annoyed certainly. It does annoy me that we're >> driving away packagers that have a little time here and there with >> these policies, I feel we have too few contributors already and >> aggressive policies and enforcement only make it worse. > > That's exactly why I want the policies less aggressive. A year + long > FTBFS isn't aggressive in my POV. If you don't have the time to make a new build once every year, you shouldn't be a packager, full stop. If this is too arduous a requirement, I recommend getting involved with the efforts to improve the packaging workflow. We are talking about crypto-related packages here; being able to rebuild them and be confident in their contents is arguably more important than any other kind of package. Anecdotally, I've sent two non-responsive maintainer emails (both involving CVEs which were fixed as a result). To actually get removed from your package in Fedora typically takes at least three months during which you have to be mostly non-responsive. I only package a few things in Fedora, but it's far more frustrating to me as a maintainer when a non-responsive maintainer (of a dependent/depending package) won't fix their bugs than when I occasionally have to do a build. >>> Also said in the e-mail, if you think those packages need to be >>> exempted from the process, we can deal with that to, however there >>> must be a valid reason. I don't think "the maintainer didn't >>> actually maintain their Fedora packages for almost 2 years because >>> they have real stuff to do" is a valid reason, yet other FESCo >>> members might disagree with that statement. >> >> Well the FTB from people pushing builds would be directly due to the >> fact they're not on the ACL for the secure-boot, there is a handful >> of packages like that. > > So the people who has the rights should start actually doing it, > shouldn't they. This particular maintainer ignores all bugzilla > e-mail. If I'm reading the policy correctly, the reason it's being considered for retirement is that the bug was ASSIGNED. If it were still in NEW, it would be merely orphaned. I'm sure we have people who could step in and fix this if all indications didn't point to the maintainers wanting to fix it themselves (and the ACL didn't prevent them from doing so, though I'm not against the ACL). >> Well FESCo might agree that they want booting x86 images with >> secure-boot so ¯\_(ツ)_/¯ Let's try to keep the conversation civil, please. That said: if policy says we need to retire this package now, and it will break the world, perhaps fesco *ought* to be involved? Thanks, --Robbie
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
