Alec Warner posted on Tue, 20 Sep 2016 19:06:11 -0700 as excerpted:

> On Tue, Sep 20, 2016 at 9:00 AM, Michael Mol <> wrote:
>> On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
>> > Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
>> >
>> > excerpted:
>> > > On 09/16/2016 02:31 PM, Hanno Böck wrote:
>> > >> media-gfx/skencil is a python-written vector graphics tool. It was
>> once
>> > >> popular before inkscape became the de-facto-standard. It hasn't
>> > >> seen any upstream activity for a decade(!), but surprisingly it
>> > >> still seems to work.
>> > >>
>> > >> I haven't used it for many years myself.
>> > >>
>> > >> There are 4 open bugs in bugzilla.
>> > >>
>> > >> Anyone interested in taking it? (else the usual: will be
>> > >> reassigned to maintainer-needed)
>> > >
>> > > Also sounds like a candidate for treecleaning / moving to an
>> > > overlay
>> and
>> > > not keeping non-upstream maintained things in tree if nobody want
>> > > to take the maintainer burden of it.
>> >
>> > Why treeclean it, if it still works and can still be built against
>> > in- tree python?
>> >
>> > Sometimes mature packages don't get further maintenance because they
>> > "just work" as they are, and don't _need_ to eventually be bloated to
>> > include email and browsing functionality or whatever.
>> >
>> > Of course if it requires old python and eventually the last supported
>> > in-
>> > tree python is being removed, and nobody steps up to update it then,
>> > /then/ it should be removed from the tree as it'll be broken /then/,
>> > but that's not the case now, as Hanno explicitly said it still seems
>> > to work.
>> It needs a maintainer. Are you offering?
>> Packages without maintainers anywhere along the line (either local or
>> upstream) risk having security vulnerabilities go unfixed (or even
>> unacknowledged) simply from having nobody who actually cares about the
>> package. Very little "just works", even if it appears to, after a
>> decade or two of little to no modifications or maintenance, if only
>> because hidden assumptions the software makes about its environment
>> cease to hold true.
> The current policy is to not remove stuff unless it is actually broken.

Yes.  Switch it to maintainer-needed and put an ewarn to that effect if 
desired, but if it still works and isn't bothering anyone, policy /has/ 
been to leave it in the tree.

This is what I was getting at.  Why is it being removed, against policy, 
if it still works?  (Or did the policy change at some point and I just 
missed it, but apparently not, given Rich0's and Antarus' replies.)

I don't use the package myself and have no personal interest in it.  I 
simply wondered what was going on with removal of an apparently working 
package that doesn't seem to be causing anyone problems, in contravention 
of what I understood to be gentoo tree-cleaning policy, thus the question.

Plus, /someone/ might use it, and (unless it's proprietary, I don't/can't-
legally use those as I can't agree to the EULAs, etc) for all I know 
something might change and I might find myself being that /someone/ that 
would have used it, had I spoke up back when an unbroken package was 
being removed for no good reason, except I didn't and it was removed, and 
thus I never knew I /could/ have used it as it was gone by the time I 
found I needed something with that functionality.

Meanwhile, if there's a security issue, there's a security project to 
take care of that, regardless of whether there's a maintainer or not.  
And if there's no maintainer and there's a security issue, then the 
package _is_ broken and can be masked and tree-cleaned then.

Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Reply via email to