Hi, Le 26/08/2016 à 07:01, Guus Sliepen a écrit : > On Fri, Aug 26, 2016 at 04:12:46PM +0200, Paul Gevers wrote: > >> Today I was, once again, surprised to see how many (low popcon) orphaned >> packages we have. I believe that orphanage is a burden to our community >> in the sense that not all packages are picked up by a new maintainer and >> these packages need some QA once in a while and often don't get enough >> of that (at least most packages that I touched). > > Who is this a burden for? As long as there are no RC bugs filed for the > orphaned packages, I don't see any a direct reason to remove them.
What about, e.g., security issues: if nobody cares about maintaining code, whether dormant or dead upstream, or simply no maintainer to include security fixes or upload new upstream versions, then I believe it may cause direct harm to the project. The fact that nobody cared enough to track issues and eventually file RC-bugs may not be the best way to claim that a package is good enough. > If no-one used the package, then sure, the package is really useless. > But if at least some people are using it, it has value. Maybe it is worth considering alternative instead of using unmaintained code, or stepping up in proper maintenance, rather than leaving unaudited code in some of our user machines. Regards David
signature.asc
Description: OpenPGP digital signature