[Mageia-dev] [RFC] How to proceed with seamonkey/iceape for security updates and freeze push

Florian Hubold doktor5000 at arcor.de
Tue Mar 27 21:10:04 CEST 2012


Am 26.03.2012 21:29, schrieb Samuel Verschelde:
> Le lundi 26 mars 2012 19:46:56, Florian Hubold a écrit :
>> If nobody responds, i'll push my current work as security update for Mageia
>> 1, and drop iceape from cauldron so that we won't have an outdated package
>> and a potential security risk for Mageia 2.
>>
> The problem with dropping a package that was present in Mageia 1, in my 
> opinion, is that it's too late to do so. By shipping it we implicitly promised 
> to maintain it. Of course with that kind of logic we would never drop any 
> package, but I just wanted to point out that dropping a package is not that an 
> easy solution : when dropping something, there should be a note somewhere (in 
> the errata?), there should be a warning before upgrade (ideally "the following 
> packages found on your system are no longer supported in Mageia 2 and will not 
> get security updates. Do you want to continue?").
>
> I'm not volunteering to maintain it, so I won't strongly oppose dropping it, 
> but if possible I'd like we actively looked for a maintainer first rather and 
> drop it only as a last solution.
>
> Best regards
>
> Samuel Verschelde
>
Well, i've put this up multiple times before, the rebrand and the missing
security updates, now that nothing has happened, i've at least worked
on a solution for Mageia 1. But we should try to keep it sustainable
in the long term.

So please not make that "we should look for a maintainer" as then IMHO
nothing will happen by itself, but just propose to feed it to Cerberus.

Wasn't the goal some time ago to have no packages maintained by infamous
nobody? Now we have packages, which are not really maintained. This is
quite a step back.

Also please consider that nobody was interested about discussing a proposal
for a policy about unresponsive maintainers, which is a really similar topic, IMHO.
Quite sad overall, if you ask me, and much room for improvements.

So if noone volunteers and ensures to keep it updated for stable distros,
i'm gonna drop it from cauldron next week, before it's too late.


PS: IMHO, we didn't promise to people "we will maintain this collection of
software eternally" this is just not realistic and not possible, but we promised
stable packages of a good quality. Neither is fulfilled in this case.


More information about the Mageia-dev mailing list