Re: [gentoo-dev] Re: Package up for grabs: skencil

2016-09-20 Thread Kent Fredric 
On Tue, 20 Sep 2016 12:45:06 -0400
Rich Freeman  wrote:

>  It
> just seems silly, and it might actually reduce the incentive for
> somebody else to step up and actually maintain it because it doesn't
> go on list of maintainer-needed packages.  In this way the rush to
> treeclean stuff that works actually results in stuff that is LESS
> maintained but still in the tree.


So in that regard, any thoughts on a compromise?

I figured something like 


...

   opensea...@gentoo.org
   Open Season For Maintainence



Where its like "maintainer needed" except with a defacto maintainer.

That is, it shares the property of maintainer needed that anybody at all
can maintain it informally "just to keep it working".

The idea being to communicate "hey, I'm still using this, and
will work on it when I have time, but I don't want to stand in the way
of somebody else making it be more useful, just do whatever with it
and if I really don't like that, I'll remove openseason"


But of course, I do agree that "maintainer needed" should not imply
"free to clean".


pgp8sRaLTJibU.pgp
Description: OpenPGP digital signature

[gentoo-dev] Re: Package up for grabs: skencil

2016-09-20 Thread Duncan 
Alec Warner posted on Tue, 20 Sep 2016 19:06:11 -0700 as excerpted:

> On Tue, Sep 20, 2016 at 9:00 AM, Michael Mol  wrote:
> 
>> On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
>> > Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
>> >
>> > excerpted:
>> > > On 09/16/2016 02:31 PM, Hanno Böck wrote:
>> > >> media-gfx/skencil is a python-written vector graphics tool. It was
>> once
>> > >> popular before inkscape became the de-facto-standard. It hasn't
>> > >> seen any upstream activity for a decade(!), but surprisingly it
>> > >> still seems to work.
>> > >>
>> > >> I haven't used it for many years myself.
>> > >>
>> > >> There are 4 open bugs in bugzilla.
>> > >>
>> > >> Anyone interested in taking it? (else the usual: will be
>> > >> reassigned to maintainer-needed)
>> > >
>> > > Also sounds like a candidate for treecleaning / moving to an
>> > > overlay
>> and
>> > > not keeping non-upstream maintained things in tree if nobody want
>> > > to take the maintainer burden of it.
>> >
>> > Why treeclean it, if it still works and can still be built against
>> > in- tree python?
>> >
>> > Sometimes mature packages don't get further maintenance because they
>> > "just work" as they are, and don't _need_ to eventually be bloated to
>> > include email and browsing functionality or whatever.
>> >
>> > Of course if it requires old python and eventually the last supported
>> > in-
>> > tree python is being removed, and nobody steps up to update it then,
>> > /then/ it should be removed from the tree as it'll be broken /then/,
>> > but that's not the case now, as Hanno explicitly said it still seems
>> > to work.
>>
>> It needs a maintainer. Are you offering?
>>
>> Packages without maintainers anywhere along the line (either local or
>> upstream) risk having security vulnerabilities go unfixed (or even
>> unacknowledged) simply from having nobody who actually cares about the
>> package. Very little "just works", even if it appears to, after a
>> decade or two of little to no modifications or maintenance, if only
>> because hidden assumptions the software makes about its environment
>> cease to hold true.
>>
>>
> The current policy is to not remove stuff unless it is actually broken.

Yes.  Switch it to maintainer-needed and put an ewarn to that effect if 
desired, but if it still works and isn't bothering anyone, policy /has/ 
been to leave it in the tree.

This is what I was getting at.  Why is it being removed, against policy, 
if it still works?  (Or did the policy change at some point and I just 
missed it, but apparently not, given Rich0's and Antarus' replies.)

I don't use the package myself and have no personal interest in it.  I 
simply wondered what was going on with removal of an apparently working 
package that doesn't seem to be causing anyone problems, in contravention 
of what I understood to be gentoo tree-cleaning policy, thus the question.

Plus, /someone/ might use it, and (unless it's proprietary, I don't/can't-
legally use those as I can't agree to the EULAs, etc) for all I know 
something might change and I might find myself being that /someone/ that 
would have used it, had I spoke up back when an unbroken package was 
being removed for no good reason, except I didn't and it was removed, and 
thus I never knew I /could/ have used it as it was gone by the time I 
found I needed something with that functionality.


Meanwhile, if there's a security issue, there's a security project to 
take care of that, regardless of whether there's a maintainer or not.  
And if there's no maintainer and there's a security issue, then the 
package _is_ broken and can be masked and tree-cleaned then.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: Package up for grabs: skencil

2016-09-20 Thread Alec Warner 
On Tue, Sep 20, 2016 at 9:00 AM, Michael Mol  wrote:

> On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
> > Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
> >
> > excerpted:
> > > On 09/16/2016 02:31 PM, Hanno Böck wrote:
> > >> media-gfx/skencil is a python-written vector graphics tool. It was
> once
> > >> popular before inkscape became the de-facto-standard. It hasn't seen
> > >> any upstream activity for a decade(!), but surprisingly it still seems
> > >> to work.
> > >>
> > >> I haven't used it for many years myself.
> > >>
> > >> There are 4 open bugs in bugzilla.
> > >>
> > >> Anyone interested in taking it? (else the usual: will be reassigned to
> > >> maintainer-needed)
> > >
> > > Also sounds like a candidate for treecleaning / moving to an overlay
> and
> > > not keeping non-upstream maintained things in tree if nobody want to
> > > take the maintainer burden of it.
> >
> > Why treeclean it, if it still works and can still be built against in-
> > tree python?
> >
> > Sometimes mature packages don't get further maintenance because they
> > "just work" as they are, and don't _need_ to eventually be bloated to
> > include email and browsing functionality or whatever.
> >
> > Of course if it requires old python and eventually the last supported in-
> > tree python is being removed, and nobody steps up to update it then,
> > /then/ it should be removed from the tree as it'll be broken /then/, but
> > that's not the case now, as Hanno explicitly said it still seems to work.
>
> It needs a maintainer. Are you offering?
>
> Packages without maintainers anywhere along the line (either local or
> upstream) risk having security vulnerabilities go unfixed (or even
> unacknowledged) simply from having nobody who actually cares about the
> package. Very little "just works", even if it appears to, after a decade or
> two of little to no modifications or maintenance, if only because hidden
> assumptions the software makes about its environment cease to hold true.
>
>
The current policy is to not remove stuff unless it is actually broken.

-A



> So long as it continues to "just work", the work involved in being a proxy
> maintainer should be next to nil. If it doesn't continue to just work,
> then at
> least you have a better idea about what's going on...you might even find
> effective ways to deal with the problem, either by fixing the package
> yourself
> or providing backpressure on the environment changes that have broken (or
> threaten to break) it.
>
> --
> :wq

Re: [gentoo-dev] Re: Package up for grabs: skencil

2016-09-20 Thread Rich Freeman 
On Tue, Sep 20, 2016 at 12:00 PM, Michael Mol  wrote:
> On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
>>
>> Why treeclean it, if it still works and can still be built against in-
>> tree python?
>>
>> Sometimes mature packages don't get further maintenance because they
>> "just work" as they are, and don't _need_ to eventually be bloated to
>> include email and browsing functionality or whatever.
>>
>> Of course if it requires old python and eventually the last supported in-
>> tree python is being removed, and nobody steps up to update it then,
>> /then/ it should be removed from the tree as it'll be broken /then/, but
>> that's not the case now, as Hanno explicitly said it still seems to work.
>
> It needs a maintainer. Are you offering?
>
> Packages without maintainers anywhere along the line (either local or
> upstream) risk having security vulnerabilities go unfixed (or even
> unacknowledged) simply from having nobody who actually cares about the
> package. Very little "just works", even if it appears to, after a decade or
> two of little to no modifications or maintenance, if only because hidden
> assumptions the software makes about its environment cease to hold true.

This is a general statement that could apply to any package, but in
general it is not a policy that packages must be treecleaned simply
because they're unmaintained.

I'm all for removing packages as soon as they become a burden but not before.

> So long as it continues to "just work", the work involved in being a proxy
> maintainer should be next to nil.

This is silly.  It just encourages people to put their name down and
not touch the package simply so that it doesn't get treecleaned.

Heck, I've done this, maintaining one package that I don't think I've
made a single commit to since I rescued it from treecleaning.  If it
ever becomes a burden on somebody else I'll happily remove it.  It
just seems silly, and it might actually reduce the incentive for
somebody else to step up and actually maintain it because it doesn't
go on list of maintainer-needed packages.  In this way the rush to
treeclean stuff that works actually results in stuff that is LESS
maintained but still in the tree.

-- 
Rich

Re: [gentoo-dev] Re: Package up for grabs: skencil

2016-09-20 Thread Michael Mol 
On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
> Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
> 
> excerpted:
> > On 09/16/2016 02:31 PM, Hanno Böck wrote:
> >> media-gfx/skencil is a python-written vector graphics tool. It was once
> >> popular before inkscape became the de-facto-standard. It hasn't seen
> >> any upstream activity for a decade(!), but surprisingly it still seems
> >> to work.
> >> 
> >> I haven't used it for many years myself.
> >> 
> >> There are 4 open bugs in bugzilla.
> >> 
> >> Anyone interested in taking it? (else the usual: will be reassigned to
> >> maintainer-needed)
> > 
> > Also sounds like a candidate for treecleaning / moving to an overlay and
> > not keeping non-upstream maintained things in tree if nobody want to
> > take the maintainer burden of it.
> 
> Why treeclean it, if it still works and can still be built against in-
> tree python?
> 
> Sometimes mature packages don't get further maintenance because they
> "just work" as they are, and don't _need_ to eventually be bloated to
> include email and browsing functionality or whatever.
> 
> Of course if it requires old python and eventually the last supported in-
> tree python is being removed, and nobody steps up to update it then,
> /then/ it should be removed from the tree as it'll be broken /then/, but
> that's not the case now, as Hanno explicitly said it still seems to work.

It needs a maintainer. Are you offering?

Packages without maintainers anywhere along the line (either local or 
upstream) risk having security vulnerabilities go unfixed (or even 
unacknowledged) simply from having nobody who actually cares about the 
package. Very little "just works", even if it appears to, after a decade or 
two of little to no modifications or maintenance, if only because hidden 
assumptions the software makes about its environment cease to hold true.

So long as it continues to "just work", the work involved in being a proxy 
maintainer should be next to nil. If it doesn't continue to just work, then at 
least you have a better idea about what's going on...you might even find 
effective ways to deal with the problem, either by fixing the package yourself 
or providing backpressure on the environment changes that have broken (or 
threaten to break) it.

-- 
:wq

signature.asc
Description: This is a digitally signed message part.

[gentoo-dev] Re: Package up for grabs: skencil

2016-09-16 Thread Duncan 
Kristian Fiskerstrand posted on Fri, 16 Sep 2016 14:58:22 +0200 as
excerpted:

> On 09/16/2016 02:31 PM, Hanno Böck wrote:
>> media-gfx/skencil is a python-written vector graphics tool. It was once
>> popular before inkscape became the de-facto-standard. It hasn't seen
>> any upstream activity for a decade(!), but surprisingly it still seems
>> to work.
>> 
>> I haven't used it for many years myself.
>> 
>> There are 4 open bugs in bugzilla.
>> 
>> Anyone interested in taking it? (else the usual: will be reassigned to
>> maintainer-needed)
> 
> Also sounds like a candidate for treecleaning / moving to an overlay and
> not keeping non-upstream maintained things in tree if nobody want to
> take the maintainer burden of it.


Why treeclean it, if it still works and can still be built against in-
tree python?

Sometimes mature packages don't get further maintenance because they 
"just work" as they are, and don't _need_ to eventually be bloated to 
include email and browsing functionality or whatever.

Of course if it requires old python and eventually the last supported in-
tree python is being removed, and nobody steps up to update it then, 
/then/ it should be removed from the tree as it'll be broken /then/, but 
that's not the case now, as Hanno explicitly said it still seems to work.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman