Re: Security Response Team / EOL

On Fri, 2006-04-28 at 18:48 +0200, Michael Schwendt wrote:

> 
> This is not a worst case, this is pretty normal. IMO. Scenario: "FC5 has
> just been released. Packager's primary machine is upgraded to FC5. FC4 is
> abandoned. FC3 even more." I'm aware that some packagers use mock to
> test-build their packages for older dists. I'm also aware that some use
> multi-boot environments or virtual machines to do run-time tests. But
> often, overall package quality suffers when package maintainers no longer
> use the old distributions regularly.

I no longer have an FC-3 box.
I'll only request builds for FC-3 if I know it works there, or there is
a bug and I know what fixes it.

That actually bothers me a little - I need to move around some stuff and
do an FC3 install. I don't have the time to do that probably until June.

>  
> 
> We needed policies, so either
> 
> a) an official team inside Fedora Extras gets the power (= the privileges)
> to intervene,

The person who sponsored the contributor at least has that authority if
I correctly recall - but yes, some people should have the authority, at
least with security patches, to intervene and apply them.

For non-security patches I think the standard pings to the developer and
getting it listed as orphaned is the correct procedure.

> 
> or
> 
> b) arbitrary FE Contributors can intervene in accordance with
> policies.

I personally would rather have it be FE Contributors who have been given
such authority. Such as specified members of the security team. Both for
legacy and for "current".

> 
> This is not just about security vulnerabilities. It can also happen that a
> critical bug in a popular package doesn't get fixed, because the package
> owner seems to be unavailable (or is known to be unavailable).

In those cases, the package should be considered orphaned if the person
doesn't respond. IMHO.

-- 
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
