On Tue, Sep 20, 2016 at 9:00 AM, Michael Mol <mike...@gmail.com> wrote:
> On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
> > Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
> > excerpted:
> > > On 09/16/2016 02:31 PM, Hanno Böck wrote:
> > >> media-gfx/skencil is a python-written vector graphics tool. It was
> > >> popular before inkscape became the de-facto-standard. It hasn't seen
> > >> any upstream activity for a decade(!), but surprisingly it still seems
> > >> to work.
> > >>
> > >> I haven't used it for many years myself.
> > >>
> > >> There are 4 open bugs in bugzilla.
> > >>
> > >> Anyone interested in taking it? (else the usual: will be reassigned to
> > >> maintainer-needed)
> > >
> > > Also sounds like a candidate for treecleaning / moving to an overlay
> > > not keeping non-upstream maintained things in tree if nobody want to
> > > take the maintainer burden of it.
> > Why treeclean it, if it still works and can still be built against in-
> > tree python?
> > Sometimes mature packages don't get further maintenance because they
> > "just work" as they are, and don't _need_ to eventually be bloated to
> > include email and browsing functionality or whatever.
> > Of course if it requires old python and eventually the last supported in-
> > tree python is being removed, and nobody steps up to update it then,
> > /then/ it should be removed from the tree as it'll be broken /then/, but
> > that's not the case now, as Hanno explicitly said it still seems to work.
> It needs a maintainer. Are you offering?
> Packages without maintainers anywhere along the line (either local or
> upstream) risk having security vulnerabilities go unfixed (or even
> unacknowledged) simply from having nobody who actually cares about the
> package. Very little "just works", even if it appears to, after a decade or
> two of little to no modifications or maintenance, if only because hidden
> assumptions the software makes about its environment cease to hold true.
The current policy is to not remove stuff unless it is actually broken.
> So long as it continues to "just work", the work involved in being a proxy
> maintainer should be next to nil. If it doesn't continue to just work,
> then at
> least you have a better idea about what's going on...you might even find
> effective ways to deal with the problem, either by fixing the package
> or providing backpressure on the environment changes that have broken (or
> threaten to break) it.