On Thu, Mar 13, 2008 at 9:30 AM, Patrice Dumas <pertusus@xxxxxxx> wrote: > Network faced clients and servers have the same security issues. But this > doesn't allow to make oen for all decision regarding maintaining or not > this kind of packages in fedora. The maintainer may be skilled enough > and have enough time to substitute for the upstream. We cannot say it in > advance, and should leave it to the maintainer. Then I would humbly suggest that maintainers who feel than can take up that burden establish themselves as an upstream developer for a project (or a fork). I am loathe to see Fedora package maintainers attempt to do the work of maintaining an otherwise dead library codebase inside the Fedora packaging space. This should be avoided. If a package maintainer can re-establish an upstream development process that is not run out of the fedora package cvs....then fine. Though in this specific case, its not clear that beecrypt is actually a dead codebase. There's no evidence of it shutting down. sf.net shows at least one cvs write transaction in the last couple of months, and several with in the last 12 months. And it appears the main developer has responded to a mailinglist thread from 2008. Though there are patchsets sitting in the ticket que since last summer. That's not an good sign, especially if this needs patching to build with the new gcc. -jef -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
