[gentoo-dev] Re: Please stop useless removals
AW == Alec Warner anta...@gentoo.org writes: AW If folks do not want to maintain it anymore, then it will be removed. That is about as harmful an attitude as possible. If you don't personally care about a package just leave it alone! And if you want more maintainers, then drop the schoolkid nonsense to join the club. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
Re: [gentoo-dev] Re: Please stop useless removals
On Sat, Feb 2, 2013 at 10:14 AM, James Cloos cl...@jhcloos.com wrote: AW == Alec Warner anta...@gentoo.org writes: AW If folks do not want to maintain it anymore, then it will be removed. That is about as harmful an attitude as possible. If you don't personally care about a package just leave it alone! The point of treecleaners is to clean stuff that is broken. They shouldn't be removing packages that do not work. That being said, if it doesn't work and no one is willing to maintain it, it doesn't belong in the tree. And if you want more maintainers, then drop the schoolkid nonsense to join the club. If this is some opaque comment about how it should easier to contribute to Gentoo (including being a proxy maintainer) then I couldn't agree more. That being said after looking at what it takes to become a debian developer or ubuntu developer...I don't think our process is any more onerous than those. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
[gentoo-dev] Re: Please stop useless removals
On 01/02/2013 12:11, Rich Freeman wrote: I do think it is a loss for Gentoo if we start removing packages simply because they don't change (which is all a dead upstream means - it isn't always a bad thing). The problem is that a package that doesn't change _will_ bitrot. Full stop. Trying to pretend that the problem does not exist, that an unmaintained package is just as fine as a maintained one is stupid and shortsighted, and explains why I have 1600 bugs open... -- Diego Elio Pettenò — Flameeyes flamee...@flameeyes.eu — http://blog.flameeyes.eu/
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, Feb 1, 2013 at 6:20 AM, Diego Elio Pettenò flamee...@flameeyes.eu wrote: On 01/02/2013 12:11, Rich Freeman wrote: I do think it is a loss for Gentoo if we start removing packages simply because they don't change (which is all a dead upstream means - it isn't always a bad thing). The problem is that a package that doesn't change _will_ bitrot. Full stop. Then remove it when it does. Full stop. Rich
Re: [gentoo-dev] Re: Please stop useless removals
On 02/01/2013 12:20 PM, Diego Elio Pettenò wrote: On 01/02/2013 12:11, Rich Freeman wrote: I do think it is a loss for Gentoo if we start removing packages simply because they don't change (which is all a dead upstream means - it isn't always a bad thing). The problem is that a package that doesn't change _will_ bitrot. Full stop. Trying to pretend that the problem does not exist, that an unmaintained package is just as fine as a maintained one is stupid and shortsighted, and explains why I have 1600 bugs open... Making up new situations up like cross-dev, Gentoo/Prefix, or jet another cluttered C compiler should not doom working software. I agree on your testing effort and practice, but compliance with the weirdest of all setups shouldn't be ultimate reason. -- Michael Weber Gentoo Developer web: https://xmw.de/ mailto: Michael Weber x...@gentoo.org
Re: [gentoo-dev] Re: Please stop useless removals
On 01/02/2013 13:07, Michael Weber wrote: Making up new situations up like cross-dev, Gentoo/Prefix, or jet another cluttered C compiler should not doom working software. Which would be all fine and dandy I agree on your testing effort and practice, but compliance with the weirdest of all setups shouldn't be ultimate reason. ... if you had a clue on what you were saying. The tinderbox _by design_ is not testing weirdest of all setups, it's testing baseline. And if nobody's interested in getting (example) media-video/w3cam working (#247917 — last activity on the bug by me on 2010; last activity by someone else in 2008!), I don't see why it should be kept in tree. Bloody hell, I wonder how many people complaining about removing packages are actually using said packages, rather that complaining on principles! -- Diego Elio Pettenò — Flameeyes flamee...@flameeyes.eu — http://blog.flameeyes.eu/
Re: [gentoo-dev] Re: Please stop useless removals
On 02/01/2013 01:22 PM, Diego Elio Pettenò wrote: On 01/02/2013 13:07, Michael Weber wrote: Making up new situations up like cross-dev, Gentoo/Prefix, or jet another cluttered C compiler should not doom working software. Which would be all fine and dandy I agree on your testing effort and practice, but compliance with the weirdest of all setups shouldn't be ultimate reason. ... if you had a clue on what you were saying. The tinderbox _by design_ is not testing weirdest of all setups, it's testing baseline. Yeah, but test for /usr/share/doc/${PF} (random to irrelevant), $CFLAGS/$LDFLAGS/$AR (enable these miraculous setup), automake-1.12 (at what point in future do you see that as oldest in-tree) last are no statement regarding a packages functionality on a plain system. And if nobody's interested in getting (example) media-video/w3cam working (#247917 — last activity on the bug by me on 2010; last activity by someone else in 2008!), I don't see why it should be kept in tree. *insert random example here* I did not argue to keep these in tree, or to label them a+++. Martin and I did not argue that there are no circumstances an software should be left alone. We both said, that not working with qt3/... may be a strong argument. Bloody hell, I wonder how many people complaining about removing packages are actually using said packages, rather that complaining on principles! Keep on the ground. I rather prefer a combined discussion on principles or workflow, than bringing up this discussion for every single package. This is a general Gentoo list, so the mails might get some kind of general. -- Michael Weber Gentoo Developer web: https://xmw.de/ mailto: Michael Weber x...@gentoo.org
Re: [gentoo-dev] Re: Please stop useless removals
On 01/02/2013 13:36, Michael Weber wrote: Yeah, but test for /usr/share/doc/${PF} (random to irrelevant), Which I don't open bugs about any longer. $CFLAGS/$LDFLAGS/$AR (enable these miraculous setup), WTF does enable these miraculous setup mean? Seriously. Also, no I don't test or bother opening bugs for either $AR or $CC. I do test for and open bugs for $CFLAGS/$LDFLAGS handling because _that is what Gentoo is about_ and among other things they work as a good sanity check. automake-1.12 (at what point in future do you see that as oldest in-tree) Are you dense? If automake-1.12 is installed, the majority of the tree _will_ use it. The fact that I test for it is to avoid you getting the bugs from users who really want to use your package. last are no statement regarding a packages functionality on a plain system. If the package is TFU, and nobody cares enough to fix it, the functionality on a plain system is screwed up anyway. If you can't be bothered to make your package comply with at least the minimum style of the rest of the tree, I'd honestly prefer you gave up tree access. Keep on the ground. I rather prefer a combined discussion on principles or workflow, than bringing up this discussion for every single package. This is a general Gentoo list, so the mails might get some kind of general. The problem here is that it's not general. It's fantasy. I'm not saying that we should remove a package because it has one trivial bug not fixed in three months. But when upstream is dead, and nobody in Gentoo is caring for it, has half a dozen open bug (trivial or not), unsolved or unsolvable for over an year... punt the crap from the tree and reduce the overload. Also, since you are a dev, instead of complaining at how team $x removes their packages, you can step in and save the package. As Alec said Gentoo is not a software archival service. so arguing on the principle that we should never delete any package from our tree is simply preposterous. -- Diego Elio Pettenò — Flameeyes flamee...@flameeyes.eu — http://blog.flameeyes.eu/
Re: [gentoo-dev] Re: Please stop useless removals
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/02/13 06:20 AM, Diego Elio Pettenò wrote: On 01/02/2013 12:11, Rich Freeman wrote: I do think it is a loss for Gentoo if we start removing packages simply because they don't change (which is all a dead upstream means - it isn't always a bad thing). The problem is that a package that doesn't change _will_ bitrot. Full stop. Trying to pretend that the problem does not exist, that an unmaintained package is just as fine as a maintained one is stupid and shortsighted, and explains why I have 1600 bugs open... True -- but then, the reason for that package's removal is one or many of those bugs, not because upstream is dead and the package is old and might at some point in the future have bugs due to bitrot. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iF4EAREIAAYFAlELwj4ACgkQ2ugaI38ACPCa1QEAggm0vXETySkPrLJD3Lquvc4Q Kkt7ft0dBamMGH86bE4BAL1S1X7T9dZZS88on2GhAZKy81iY8G8VWch8GUXw3Q5k =6TbE -END PGP SIGNATURE-
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, Feb 1, 2013 at 7:53 AM, Diego Elio Pettenò flamee...@flameeyes.eu wrote: I'm not saying that we should remove a package because it has one trivial bug not fixed in three months. But when upstream is dead, and nobody in Gentoo is caring for it, has half a dozen open bug (trivial or not), unsolved or unsolvable for over an year... punt the crap from the tree and reduce the overload. Open trivial bugs don't create any overload, except for those who go looking at them and worrying about them at night. As long as it builds on 80%+ of systems and has no serious issues (security in particular) there is no reason to remove a package. Yes, quality issues might cause it to have issues on 80% of systems in the future, and when that happens prune it. I have no idea how many open bugs Gentoo has. The reason for this is that I search for bugs that I care about, and the only thing that has to worry about the rest is the database server. If we had a trillion open bugs I'd start worrying about that more, though simply closing them wouldn't help in that case. Remove things when they cause problems, not before. Rich
Re: [gentoo-dev] Re: Please stop useless removals
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01.02.2013 14:26, Rich Freeman wrote: As long as it builds on 80%+ of systems and has no serious issues (security in particular) there is no reason to remove a package. And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? Remove things when they cause problems, not before. You mean, not before your users' systems have been compromised and they complain loudly about it? Best regards, Wulf -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlELxNgACgkQnuVXRcSi+5qP8wCghvWTuQvcFfJojX9HS8Jln6O/ 144AnipUMY1NU8DbrtzesEbvpSHeYkPt =awFq -END PGP SIGNATURE-
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, Feb 1, 2013 at 8:36 AM, Wulf C. Krueger w...@mailstation.de wrote: And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? The same way that you know about security issues in Firefox or Chromium - somebody reports them. Security bugs still go to the security team, and they're welcome to treeclean with a vengence. I guarantee that you have unreported security bugs in whatever browser and email client you're using right now. Until somebody tells upstream about them you're going to be vulnerable. That said, I'm fine with having some kind of overlay for stuff like this (we need to reduce the stigma on overlays), and I think that having some kind of quality tagging system also makes sense for communicating just how clean packages are. Give the users a choice. Overlays seem to be largely used to do just this - the overlay itself has some connotation of level-of-quality. Rich
[gentoo-dev] Re: Please stop useless removals
On 2/02/2013 00:36, Wulf C. Krueger wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01.02.2013 14:26, Rich Freeman wrote: As long as it builds on 80%+ of systems and has no serious issues (security in particular) there is no reason to remove a package. And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? The security team routinely monitors various information sources to ensure that issues are tracked regardless of maintainer. Remove things when they cause problems, not before. You mean, not before your users' systems have been compromised and they complain loudly about it? Best regards, Wulf -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlELxNgACgkQnuVXRcSi+5qP8wCghvWTuQvcFfJojX9HS8Jln6O/ 144AnipUMY1NU8DbrtzesEbvpSHeYkPt =awFq -END PGP SIGNATURE-
Re: [gentoo-dev] Re: Please stop useless removals
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01.02.2013 14:47, Rich Freeman wrote: And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? The same way that you know about security issues in Firefox or Chromium [...] Until somebody tells upstream about them you're going to be vulnerable. Indeed. In contrast to many of the packages that were mentioned in this thread, Firefox and Chromium have an active upstream, though. What do you think will happen to projects with a dead upstream? I think the answer is pretty simple: Nothing. Thus, your users' systems will remain vulnerable and you won't even know about it. Best regards, Wulf -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlELyXkACgkQnuVXRcSi+5q6UgCfQLgmYQkShYNu2bwokxzP32Fv FBEAoNz/qw2QRArkSUugGXgL3bII6zn9 =aboK -END PGP SIGNATURE-
Re: [gentoo-dev] Re: Please stop useless removals
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/02/13 08:56 AM, Wulf C. Krueger wrote: On 01.02.2013 14:47, Rich Freeman wrote: And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? The same way that you know about security issues in Firefox or Chromium [...] Until somebody tells upstream about them you're going to be vulnerable. Indeed. In contrast to many of the packages that were mentioned in this thread, Firefox and Chromium have an active upstream, though. What do you think will happen to projects with a dead upstream? I think the answer is pretty simple: Nothing. Not really, no. A dead upstream means that there isn't an upstream to push a fix or release a new version. That's all. If security bugs occur then there's two options -- fix, or remove. So if the gentoo dev in question doesn't have time/ability/desire to fix, they or security remove it at that point. This isn't nothing to me; I must be missing something from your response? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iF4EAREIAAYFAlELyo8ACgkQ2ugaI38ACPC1FAD/fxM93LFEKtl8t87qc6QSIkTL HkQtk2t4xFQxoBAZNIUBALrMJxstxw4pBwOytiQfJq9CLxf3dOnUIQCdRDwIxA6Y =j28W -END PGP SIGNATURE-
Re: [gentoo-dev] Re: Please stop useless removals
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry for quoting a lot this time but it's important for understanding the issue. On 01.02.2013 15:00, Ian Stakenvicius wrote: On 01/02/13 08:56 AM, Wulf C. Krueger wrote: On 01.02.2013 14:47, Rich Freeman wrote: And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? The same way that you know about security issues in Firefox or Chromium [...] Until somebody tells upstream about them you're going to be vulnerable. Indeed. In contrast to many of the packages that were mentioned in this thread, Firefox and Chromium have an active upstream, though. What do you think will happen to projects with a dead upstream? I think the answer is pretty simple: Nothing. Not really, no. A dead upstream means that there isn't an upstream to push a fix or release a new version. That's all. If security bugs occur then there's two options -- fix, or remove. So if the gentoo dev in question doesn't have time/ability/desire to fix, they or security remove it at that point. This isn't nothing to me; I must be missing something from your response? Yes, the topmost two lines in my quote: And how will you get to know about current or future security issues if nobody (in Gentoo) cares about the package? In the dead upstream case it's unlikely anyone is checking the package for security issues in the first place. So neither the Gentoo security people will get notice via the usual sources nor will any upstream be informed. If there's a *known* bug, you're right. Case closed. If the package in question is just bit-rotting and nobody cares, you most likely won't ever know about any security issues, though - until something nasty happens. This is one of the problems with dead upstream packages. Best regards, Wulf -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlELzGEACgkQnuVXRcSi+5rJAwCfYGcHAJzmxwD+2L0WZlajnfP4 TzsAn1NN88QQDG3Q9br73nM1KcFT9rDW =5aeo -END PGP SIGNATURE-
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, Feb 1, 2013 at 9:08 AM, Wulf C. Krueger w...@mailstation.de wrote: In the dead upstream case it's unlikely anyone is checking the package for security issues in the first place. So neither the Gentoo security people will get notice via the usual sources nor will any upstream be informed. That seems rather speculative. I'm sure that people look for vulnerabilities in unmaintained software - if they didn't then nobody would be able to exploit them in the first place (you have to find a vulnerability to exploit it). I imagine most vulnerabilities are found by people outside of projects in the first place. We don't know how many vulnerabilities there are in maintained packages, let alone unmaintained ones, so a comparison is a bit difficult. Popularity is probably a better indicator of whether something will have vulnerabilities reported than whether it has an upstream. The two are of course loosely connected. Rich
Re: [gentoo-dev] Re: Please stop useless removals
On 02/01/2013 07:07 AM, Michael Weber wrote: On 02/01/2013 12:20 PM, Diego Elio Pettenò wrote: On 01/02/2013 12:11, Rich Freeman wrote: I do think it is a loss for Gentoo if we start removing packages simply because they don't change (which is all a dead upstream means - it isn't always a bad thing). The problem is that a package that doesn't change _will_ bitrot. Full stop. Trying to pretend that the problem does not exist, that an unmaintained package is just as fine as a maintained one is stupid and shortsighted, and explains why I have 1600 bugs open... Making up new situations up like cross-dev, Gentoo/Prefix, or jet another cluttered C compiler should not doom working software. I agree on your testing effort and practice, but compliance with the weirdest of all setups shouldn't be ultimate reason. Being broken on one architecture should not prevent a package from being available to others where it works. You just do not keyword things on architectures where they are broken. This is why we have keywording. signature.asc Description: OpenPGP digital signature
[gentoo-dev] Re: Please stop useless removals
On 02/01/2013 02:36 AM, Vaeth wrote: # Upstream is dead and gone. # Masked for removal on 20130302 Erm, so this is the _only_ reason - dead upstream? ++ Please, please, stop removing packages for no reason! This happens now way too often: app-dicts/ispell* app-portage/epm app-text/ispell games-arcade/bitefusion games-arcade/xboing games-action/trackballs games-emulation/xmame ... These are just some of the previous examples which I remember because I had to put them in my local overlay. None of these removals alone was so valuable to me that I saw a reason to step up, but the removals for no reasons accumulate previously so much that I see the need to say something: You are destroying the charme of gentoo by systematically removing all these little tools and toys. The availability of a lot of software was once a strength of gentoo, so removing these things is really bad, especially if it happens for no real reason. I was understanding if e.g. someting was removed which needs the gtk-2 or qt-4 framework or something similar and had a dead upstream. But just needing a small tool like imake (xboing) or having open feature requestes (epm) or even nothing and just dead upstream is IMHO really not a reason. If something really does not compile anymore and nobody cares, then remove keywords (or, for god's sake, mask it); if something might theoretically become a security issue (xpdf) then it should be masked. But please do not throw things out of the tree unless really necessary: It does not hurt anybody to have such package in the tree, but removing it - especially if upstream is dead - means that the tarbalös will be removed from the mirrors and thus nobody is able anymore to install it (even if he would care and fix some minor issues) unless he had kept a copy on his local machine (which will mean in the future that he can only do it if he had used gentoo already many years ago and cared during the time of the removal). (If the resources are an argument: I am not speaking about monster packages taking gigabytes of data - these might need to be discussed separately - but mainly about reasonably sized packages which even if summed up do not take much data). Regards Martin I suspect that the removal message is inaccurate. The actual reason for removal is the following: https://bugs.gentoo.org/show_bug.cgi?id=425298 If you were to make a webpage for it and host the tarball for people, it should be possible to resolve that bug. That should be sufficient to have the removal mask removed. I suspect that the Anapnea network will be more than happy to provide you with hosting for this: http://www.anapnea.net/ signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, 1 Feb 2013 09:45:07 -0500 Rich Freeman ri...@gentoo.org wrote: That seems rather speculative. I'm sure that people look for vulnerabilities in unmaintained software - if they didn't then nobody would be able to exploit them in the first place (you have to find a vulnerability to exploit it). I imagine most vulnerabilities are found by people outside of projects in the first place. We don't know how many vulnerabilities there are in maintained packages, let alone unmaintained ones, so a comparison is a bit difficult. Also, there are plenty of packages that can't really *have* interesting security vulnerabilities in the first place. I don't know the specifics of the games that were removed, but games in general, if they are purely single-player and only ever read and write files in the player's home directory, don't really have an attack surface to start with. You can't remotely exploit a program that never creates a socket, and you can't locally exploit a program that never tries to access files other than those in its invoker's home directory and root-writable directories like /usr/share, and does so with the invoker's usual privileges. Do you treeclean those because they might have security holes? Chris
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, Feb 1, 2013 at 10:51 AM, Richard Yao r...@gentoo.org wrote: I suspect that the removal message is inaccurate. The actual reason for removal is the following: https://bugs.gentoo.org/show_bug.cgi?id=425298 If you were to make a webpage for it and host the tarball for people, it should be possible to resolve that bug. That should be sufficient to have the removal mask removed. Yes, after sending out my email I took a closer look and came to the same conclusion. I'm perfectly fine with masking/removing packages that do not have valid SRC_URIs, and if somebody wants to host the tarball somewhere and submit a patch to fix it we shouldn't have a problem with a dev committing that patch and prolonging the package a bit longer (though ideally a proxy maintainer would be helpful). Bottom line is that we shouldn't drop packages simply because they're unmaintained or lack an upstream. Missing SRC_URIs on unmaintained packages are fair game, however, as are other serious issues. I have no desire to make the mirror maintainers sort through log noise on something like this. For those who are doing the treecleaning, please do yourself a favor and point out the actual show-stoppers so that you don't have a war on your hand every time you mask something. :) Rich
Re: [gentoo-dev] Re: Please stop useless removals
On 01/02/2013 23:52, Rich Freeman wrote: For those who are doing the treecleaning, please do yourself a favor and point out the actual show-stoppers so that you don't have a war on your hand every time you mask something. :) Or maybe, you know, stop starting idiotic flamewars on principles assuming that all of QA is out to ruin your life, which seems to happen pretty often to you. -- Diego Elio Pettenò — Flameeyes flamee...@flameeyes.eu — http://blog.flameeyes.eu/
Re: [gentoo-dev] Re: Please stop useless removals
On Fri, Feb 1, 2013 at 5:54 PM, Diego Elio Pettenò flamee...@flameeyes.eu wrote: On 01/02/2013 23:52, Rich Freeman wrote: For those who are doing the treecleaning, please do yourself a favor and point out the actual show-stoppers so that you don't have a war on your hand every time you mask something. :) Or maybe, you know, stop starting idiotic flamewars on principles assuming that all of QA is out to ruin your life, which seems to happen pretty often to you. The argument was made that unmaintained packages that have dead upstreams should be removed. I explained why this was bad policy. This is not a flamewar. It turns out that this wasn't actually why these packages were removed, but it doesn't really change the validity of anything I said. In the end the error wasn't in the removal of the packages, but in the justification for doing so. It really isn't meant personally, and I certainly don't take it as such. Rich
Re: [gentoo-dev] Re: Please stop useless removals
On 02/02/2013 12:17 AM, Rich Freeman wrote: On Fri, Feb 1, 2013 at 5:54 PM, Diego Elio Pettenò flamee...@flameeyes.eu wrote: On 01/02/2013 23:52, Rich Freeman wrote: For those who are doing the treecleaning, please do yourself a favor and point out the actual show-stoppers so that you don't have a war on your hand every time you mask something. :) Or maybe, you know, stop starting idiotic flamewars on principles assuming that all of QA is out to ruin your life, which seems to happen pretty often to you. The argument was made that unmaintained packages that have dead upstreams should be removed. I explained why this was bad policy. This is not a flamewar. +1 Dead upstream is no reason alone to treeclean any package. A reason would be a severe runtime or buildtime bug, that needs a non-trivial fix, but no upstream to take care of that.
Re: [gentoo-dev] Re: Please stop useless removals
130201 Rich Freeman wrote: On Fri, Feb 1, 2013 at 10:51 AM, Richard Yao r...@gentoo.org wrote: The actual reason for removal is the following: https://bugs.gentoo.org/show_bug.cgi?id=425298 I'm perfectly fine with masking/removing packages that do not have valid SRC_URIs and if somebody wants to host the tarball somewhere and submit a patch to fix it we shouldn't have a problem with a dev committing that patch and prolonging the package a bit longer. Bottom line is that we shouldn't drop packages simply because they're unmaintained or lack an upstream. +1 Missing SRC_URIs on unmaintained packages are fair game, however, as are other serious issues. I have no desire to make the mirror maintainers sort thro log noise on something like this. If a mere user may comment (smile), I use = 1 pkg which hasn't been updated for a long time, Apwal, but is in fact an excellent little app which deserves wider knowledge. It's one of those apps which needs no further development. There are also pkgs like Nethack, which is hard-masked because there's a serious security bug on multi-user systems, but which offers no problems on a single-user desktop. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca