From: Jon Turney <jon.turney@dronecode.org.uk>
To: Chad Dougherty <crd@acm.org>,
"cygwin-apps@cygwin.com" <cygwin-apps@cygwin.com>
Subject: Re: How does a package become orphaned? (was Re: Attn maintainer: python-paramiko)
Date: Thu, 1 Dec 2022 19:41:54 +0000 [thread overview]
Message-ID: <355f05b2-991c-fff6-fa5e-7d3eba7b16d9@dronecode.org.uk> (raw)
In-Reply-To: <a00310b1-a68f-0424-f3e1-e76f09490a40@acm.org>
On 04/11/2022 13:05, Chad Dougherty wrote:
> On 2022-11-04 08:34, Jon Turney wrote:
>> The second is not so clear: A package is orphaned if it's maintainer
>> is not responsive to queries as to if they still want to be the
>> maintainer of the package.
>>
>> It's undefined how many times we should ping, or how long we should
>> wait for a response, but I think that the ~10 months that's elapsed
>> here is more than enough!
>
> If the prospective adopter is also proposing an update that addresses
> security vulnerabilities in the old package, I suggest that that, and
> the severity and impact of those vulnerabilities be factored into the
> timeout decision.
Well, maybe.
I think a common way for distros to handle this is to have some subset
of maintainers who are allowed to make NMUs for these "important" updates.
The problem is we don't really have the concept of an NMU currently,
although this is (again) due to accidents of history, rather than by design.
The current upload policy is:
- Only the maintainer for a package maintainer is allowed to upload that
package.
- If a package is orphaned (has no maintainer), there are some "trusted"
maintainers who are allowed to upload it.
I'm kind of inclined to relax that a bit, although I'm not sure what to.
next prev parent reply other threads:[~2022-12-01 19:41 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-23 22:17 Attn maintainer: python-paramiko Marco Atzeri
2022-01-27 4:18 ` Marco Atzeri
2022-11-02 20:04 ` Libor Ukropec
2022-11-04 12:34 ` How does a package become orphaned? (was Re: Attn maintainer: python-paramiko) Jon Turney
2022-11-04 13:05 ` Chad Dougherty
2022-11-15 18:47 ` Libor Ukropec
2022-11-16 11:52 ` Thomas Wolff
2022-11-17 10:24 ` Libor Ukropec
2022-11-17 18:32 ` Brian Inglis
2022-12-01 19:41 ` Jon Turney
2022-12-01 20:18 ` Libor Ukropec
2022-12-02 8:20 ` Marco Atzeri
2022-12-05 23:07 ` Libor Ukropec
2022-12-05 20:54 ` Jon Turney
2022-12-06 0:07 ` Libor Ukropec
2022-12-01 19:41 ` Jon Turney [this message]
2022-12-01 20:02 ` Achim Gratz
2023-05-09 20:16 ` Trusted maintainers (was: Re: How does a package become orphaned? (was Re: Attn maintainer: python-paramiko)) Jon Turney
2023-05-11 13:57 ` Andrew Schulman
2023-05-13 10:18 ` Marco Atzeri
2023-05-30 13:39 ` Andrew Schulman
2023-06-06 8:12 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=355f05b2-991c-fff6-fa5e-7d3eba7b16d9@dronecode.org.uk \
--to=jon.turney@dronecode.org.uk \
--cc=crd@acm.org \
--cc=cygwin-apps@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).