Hi, > We cannot do that as long as we lack a well-defined life-cycle compared > with Fedora Core. And when we distinguish between active (i.e. maintained, > "supported") branches, legacy branches and dead branches, we need policies > which allow for improved security response times, e.g. through the work of > a Fedora Extras security response team, which under well-defined > conditions may touch packages in _all_ branches. Whether these are the > same people who would maintain legacy branches, is an unimportant detail. For what it's worth, here is what I think. 1. Anything > 2 branches before the release (so we still have support for 3 and 4) should be carried on with anything over 2 branches being consigned to Fedora Legacy. 2. Support should be primarily for the current and rawhide releases. Say anjuta didn't work for FC3. This would be annoying, but not as important as (say) getting some of my mono packages into FE. It will be fixed, just not urgently. If anjuta failed in FC4, it would have greater importance. Basically, it's strangling the older release of air. While some may say "can't do that", it is one way to get people onto newer releases (IMO) - don't knock the idea, it's what MS et al have done for years. 3. If a package is orphaned, it should be dropped totally after 6 months of no activity. If someone wants to bring it back in, it goes through the usual FE process. 4. The system for getting packages into other branches needs to be easier. If I've put version 1.3.4 of package x into rawhide FE and version 1.3.2 exists in FE5 and 1.2.4 in FE4, it should be 1.3.4 which supercedes everything else - a fresh import should not be required. This has the benefit of maintaining the older versions far simpler. 5. If a maintainer cannot be reached and newer versions of a package are available, there needs to be a mechanism for taking the package over in the short term initially and then permanently if the original maintainer can't be located and/or steps forward again > And yes, we do need improved and stricter policies on how to handle > orphaned packages. :-) TTFN Paul -- "Wenn eine große Vision zu groß ist, kann sie dich töten - du überschreitest deine Grenzen in der sicheren Überzeugung, den vor dir liegenden Weg zu kennen." - Linus Torvals
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
