On Tue, 23 Aug 2022, Otto Liljalaakso wrote:
The relevant policy is Bundled software policy [1]. Unlike in the past, a
package does not need a FESCo exception to bundle dependencies. However, the
requirements of that policy are not being met here: The reason for bundling
should be recorded in the specfile, and Provides: bundled(x) = 1.2.3 should
be included.
[1]: https://docs.fedoraproject.org/en-US/fesco/Bundled_Software_policy/
Thanks for the link. Sadly, the justification would be "because upstream
hardcoded this an errors on any other version", which in itself is
pretty weak. And since it includes boost, which can't easilly be
upgraded between fedora releases, all the older stuff lingers forever.
If the maintainer is not responding, you should invoke the Non-responsive
maintainer policy [2]. This package has CVE bugs open [3], so most probably
it should eith be retired, or somebody should start caring for it.
Miro started the non-responsive maintainer process and woke up the
maintainer, but they themselves are also thinking it might be better
to kick it out of fedora.
https://bugzilla.redhat.com/show_bug.cgi?id=1989019
Paul
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
