On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
> Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
> excerpted:
> > On 09/16/2016 02:31 PM, Hanno Böck wrote:
> >> media-gfx/skencil is a python-written vector graphics tool. It was once
> >> popular before inkscape became the de-facto-standard. It hasn't seen
> >> any upstream activity for a decade(!), but surprisingly it still seems
> >> to work.
> >> 
> >> I haven't used it for many years myself.
> >> 
> >> There are 4 open bugs in bugzilla.
> >> 
> >> Anyone interested in taking it? (else the usual: will be reassigned to
> >> maintainer-needed)
> > 
> > Also sounds like a candidate for treecleaning / moving to an overlay and
> > not keeping non-upstream maintained things in tree if nobody want to
> > take the maintainer burden of it.
> Why treeclean it, if it still works and can still be built against in-
> tree python?
> Sometimes mature packages don't get further maintenance because they
> "just work" as they are, and don't _need_ to eventually be bloated to
> include email and browsing functionality or whatever.
> Of course if it requires old python and eventually the last supported in-
> tree python is being removed, and nobody steps up to update it then,
> /then/ it should be removed from the tree as it'll be broken /then/, but
> that's not the case now, as Hanno explicitly said it still seems to work.

It needs a maintainer. Are you offering?

Packages without maintainers anywhere along the line (either local or 
upstream) risk having security vulnerabilities go unfixed (or even 
unacknowledged) simply from having nobody who actually cares about the 
package. Very little "just works", even if it appears to, after a decade or 
two of little to no modifications or maintenance, if only because hidden 
assumptions the software makes about its environment cease to hold true.

So long as it continues to "just work", the work involved in being a proxy 
maintainer should be next to nil. If it doesn't continue to just work, then at 
least you have a better idea about what's going on...you might even find 
effective ways to deal with the problem, either by fixing the package yourself 
or providing backpressure on the environment changes that have broken (or 
threaten to break) it.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to