On Tue, Apr 05, 2016 at 11:36:19PM +0200, Tormod Volden wrote: > severity wishlist > > On Fri, Apr 1, 2016 at 3:29 PM, Goswin von Brederlow wrote: > > Package: xscreensaver > > Severity: important > > > > The xscreensaver package has 120 bugs going back over 9 years that are > > just rotting in the BTS without attention. Some of them are tagged > > security, some tagged patch. A lot of bugs have not been modified > > since shortly after they were reported. > > Hi Goswin, > > The BTW can probably need some triaging. I am aware of (hopefully) all > bugs there though, and there is nothing that really demands attention. > There are a lot of wishes, patches that should go upstream or down the > drain - we don't want to carry the support burden for them - and some > are graphic drivers issues. > > > > > I sad to say but you are not doing as good a job maintaining the > > package as you should. Maybe you aren't that interested in > > xscreensaver anymore or you don't have the time or any number of other > > valid reasons. But fact is that bugs are being left to rot in the BTS. > > I am maintaining the package as I have been doing over many, many > years. Security problems are taken care of immediately and upstream > releases are packaged in due time. The number of bugs have been very > stable over the years. I don't have any strong motivation to work much > more intensive on it than I have done, that's for sure. > > Some bugs can sure be closed, but why is that important to you? They > are there mainly to help the maintainers, and people contributing. > Granted, I am sure many bugs can be closed though, or moved to > wishlist. It is just not the highest of my priorities, and nobody else > has stepped up to do it. Hey wait - one guy mentioned some willingness > a few weeks ago - maybe we are lucky, I will follow that up.
The BTS is not just for the maintainer. It also documents things for users. Like what bugs are already known. When I see a package with lots of patches in the BTS my willingness to patch something myself goes right down the drain. Who would want to spend their time writing patches if the maintainer will just ignore them for years? I'm sure you handled all the security stuff as you say but you are the only one that knows that. Everyone else looks at the BTS and sees bugs tagged security. When I see a package in the BTS with bugs tagged security then I start to worry. > > For example #403557 should have been tagged more-info and eventually > > closed as unreproducible 9 years ago and is still there tagged > > security. > > Are you not able to tag it as more-info? If you are unable to help > because of technical issues, we can probably figure that out. It is > not like the maintainer has to do everything and nobody else can help. That would be just a drive-by shooting. You won't get more info just ebcause someone sets the more-info tag. One also has to track down the submitter and at least test the issue itself too. Since I don't use LDAP that would be rather a lot of work. And what for? If I write a patch it's just going to rot in the BTS form all apearances. See my point? > > So I urge you to please find a new maintainer to either take over (in > > the worst case) or simply work alongside yourself to help clean up the > > backlog of bugs in this package. > > This is not how it works in practice. Anyone interested in the package > will help to maintain the package, sending patches against the VCS > etc. I don't see why nobody can just help out triaging bugs. People > helping out over time can become co-maintainers. If I don't do much > useful any longer, I can pull out and the other people will remain > maintainers. This is how I got into this. If they are not genuinely > interested (and pop up by themselves) there are small changes they > will stick around. Saddly that is also not how it works. Usualy a package rots away for years getting worse and worse before it finally blows and someone else gets so fed up with it and steps up to take over. You are doing a too good job for that to happen. Sometimes you have to get the word out that help is needed or simply just wanted to attract someone. > > If it is just that you left bugs open for so long (or inherited them > > from a revious maintainer) that now you are swamped and can't catch up > > then you could also contact the front desk to get some prospective new > > DDs assigned to look over and triage bugs. It's good experience for > > them and the package would hopefully get back on track. > > Yes, it might be a good idea to get some people working on this. But > it won't help me to get someone to just close bugs for the sake of > closing bugs for then to disappear again. We need someone with long > time commitment. Do you have a link to this "front desk"? I am > optimistically imagining a long line of people longing to help out > maintaining 8-) Front desk is part of the new maintainer process and is staffed by a few people: https://nm.debian.org/public/managers I think the alias for it is front-d...@debian.org. And the long line of people longing to help out is every person wanting to become Debian Maintainer or Debian Developer. So yeah, there is aline. Wether they will stay with your package after they completed the NM process or not is up in the air. Maybe they will, maybe they won't. It's unlikely though. But hey, if you do this once every 3 years the BTS will look a lot cleaner and eventually someone will stick. :) > > MfG > > Goswin > > > > PS: This is not a personal attack on you but an encouragement to make > > the package the best it can be. > > Thanks! All contributions are welcome. > > Best regards, > Tormod MfG Goswin
