Hi Kamil, Firstly, apologies for dropping the ball responding to the PR. On Wed, Nov 27, 2024 at 08:30:52AM +0100, Kamil Dudka wrote: > On Wednesday, November 27, 2024 12:07:29 AM GMT+1 Michel Lind wrote: > > On Tue, Nov 26, 2024 at 12:11:27PM -0300, Marco Benatto wrote: > > > Hello all, > > > > > > We recently noticed there's a couple of PRs opened to fix > > > vulnerabilities in EPEL8 python-django3 with no response from the > > > maintainer (CC'ed). This is an important update as it fixes 4 > > > different CVEs. > > > > > > https://src.fedoraproject.org/rpms/python-django3/pull-request/2 > > > > > > I have raised a bugzilla bug asking for contact according > > > https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_package_maintainers/ > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2328973 > > > > > > may i please have your help in contacting the maintainer? > > > > > That PR was never in a state where it's merge-able, FYI > > Michel, I know you are busy but let's avoid using nonsense excuses like this. > What I meant by not mergeable is - if you look at the CI results, the scratch build passed but the installability check failed. > The pull request in question was ready to be merged on April 29th and then on > May 14th. See above > You have never replied on the pull request until the non-responsive > maintainer process was started: This one is fair, and what I'm a bit upset about is that someone who is not the PR submitter started the non-responsive process. I think it's also reasonable to suggest that there are alternatives between just pinging a PR and the non-responsive maintainer process though - the former is easy to miss given Pagure's web UI does not deal well with having lots of repos (and likewise the volume of emails get large), the non-responsive process is a bit of a sledgehammer. I have written this guide I plan to use in response to PRs that are not immediately mergeable, to avoid situations like this in the future https://fedoraproject.org/wiki/User:Salimma#README -- _o) Michel Lind _( ) identities: https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue