On Fri, 22 Jun 2018 21:50:50 -0500 "Marty E. Plummer" <hanet...@startmail.com> wrote:
> So, as you may be aware I've been doing some work on moving bzip2 to an > autotools based build. Recently I've ran into app-crypt/mhash, which is > in a semi-abandoned state (talking with the maintainer on twitter atm), > and I was thinking it may be a good idea to set up a project for keeping > these semi-abandoned and really-abandoned libraries and projects up to > date and such. > > Basically, an upstream for packages who's upstream is either > uncontactable or is otherwise not accepting bug fixes and patches. So > far I can only think of app-crypt/mhash and app-arch/bzip2 but I'm sure > there are others in this state. It may be worth mentioning that myself and a handful of others are kicking around the idea of creating a "vendorised upstream", which essentially treats all upstreams as unmaintained, and acts as a middle ground between upstream and linux distributions/end users, by re-shipping upstreams code with fixes, in a format similar to upstreams, but with the mentality of a Linux Vendor. Changes to this project would of course be made under the assumption that upstream would one day wake up, and may be interested in adopting some or all of our fixes ( and for upstreams that are currently not actually dead, this may happen sooner than later ) Presently, this is limited in scope to vendorizing CPAN, but it may grow. In concept, this is of course much more work than your idea, but it has a few advantages, particularly with regards to integrating various vendors patches in a single place. But obviously, such a project is somewhat gargantuan, and getting the working concept off the ground is going to take a while :)
pgpIFZaaxCeG6.pgp
Description: OpenPGP digital signature
