From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.atof.net (smtp1.atof.net [52.86.233.228]) by sourceware.org (Postfix) with ESMTPS id 4F7683858C5F for ; Sun, 24 Sep 2023 18:21:01 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4F7683858C5F Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gluelogic.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gluelogic.com X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-Spam-Language: en X-Spam-Relay-Country: X-Spam-DCC: B=; R=smtp1.atof.net 1102; Body=1 Fuz1=1 Fuz2=1 X-Spam-RBL: X-Spam-PYZOR: Reported 0 times. Date: Sun, 24 Sep 2023 14:20:56 -0400 From: gs-cygwin.com@gluelogic.com To: Jon Turney Cc: "cygwin-apps@cygwin.com" Subject: Re: Bonfire of the Packages Message-ID: References: <30524a03-4924-4aa0-9ebf-e5a0808226c2@dronecode.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline In-Reply-To: <30524a03-4924-4aa0-9ebf-e5a0808226c2@dronecode.org.uk> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 List-Id: On Sun, Sep 24, 2023 at 01:32:59PM +0100, Jon Turney via Cygwin-apps wrote: > > Generally, we have a large number of old, unmaintained packages. > > The policy [1] has always been "Packages without an active maintainer may be > pulled from the distribution.", but not actively enforced (in fact prior to > 2022, this used to say "are pulled", but I moderated the statement, just to > reflect reality). > > I guess what's needed is an automated process which removes unmaintained > packages, after some period of time in that state. > > I'm somewhat ambivalent about doing that, as they are probably of some use, > but on the hand I don't think our users are best served providing very old > packages with unknown numbers of bugs, security problems, etc., or which are > unsupported upstream. Were the first steps to be performed by an automated process, I would propose that the automated process mark and move packages 'pending delete' to a new category "abandoned", which is not installed by default, but selectable in the cygwin setup.exe. Alternatively, 'promote' the abandoned packages to "testing". After a period of time in "abandoned" or "testing", the packages could be removed to a holding area, but not yet deleted, since this is the time that some people might start to notice. It would be nice to be able to restore packages relatively quickly during this period. Finally, after another period of time passes, delete the package. Cheers, Glenn