Hello Andreas,
Am 18.03.24 um 21:15 schrieb Andreas Tille:
Hi Carsten,
Am Sun, Mar 17, 2024 at 08:18:58AM +0100 schrieb Carsten Schoenert:
The arguments to remove flask-basicauth looks sensible, can someone confirm ?
looking at the upstream situation for flask-basicauth I see no real issues
to drop and this package from the archive. This horse is long dead for a
long time.
This sentence looks as if would have been created by autocomplete function.
Could you please try to rephrase for better understandability?
well, it's getting harder to maintain upstream source that is simply not
maintained anymore by the original upstream author or group.
flask-basicauth is one of these cases. The last action by upstream is
now 8 years old!
https://github.com/jpvanhal/flask-basicauth
There is no feedback from upstream on bug reports since years. I'm
writing bug reports in such cases sometimes mainly only to show the
problems we or I have discovered in a hope that other will post than how
they solved this issue.
And of course also upstream is not reacting on created PRs. I've given
up to write new and further PRs in such cases, it's a waste of time.
Doing the needed maintenance for such old repositories is often
difficult and time consuming, e.g. dealing with old build systems or the
test setup.
I'm primarily a package maintainer not a person that is having fun to
update or adjust old trees with a 5th possible solution. It's not
helpful and wise if every distro is doing the same with lots of energy.
It's not our responsibility to keep every source package alive in the
archive if upstream has moved away, at least this is my thinking.
We have more and more the problem to manage big transitions like the
usual Python major updates, or big frameworks like Sphinx, PyTest,
Django etc. I've spend a lot of time with rather old and not really
maintained anymore by upstream packages in the past year.
We can't deal with all the challenges that will need some action all
other the time. But shipping then outdated or not really useful packages
within a release is not something we should do. Sometimes it's better to
drop such packages from the archive and shift time and energy to other
packages.
And to me flask-basicauth is such a package. It's dead Jim!
--
Regards
Carsten
