Am 30.11.2010 13:42, schrieb Corinna Vinschen:
> So, first I'd really like to get a word from you, Jason.
>
> If Jason is AWOL for a longer period of time (which I doubt, since he
> was still active on the cygwin list early November), then we can talk
> about taking over maintainership, if that's an option for you.
Dear Corinna, *,
Taking over is not really an option for me, as I don't mean to commit to
Cygwin-related projects, or take maintainership from anyone (including Jason).
I also don't want to become YAMWHTLT (yet another maintainer who has too little
time).
In this particular case, I've attempted to deal with end user pain that surfaced
on the fetchmail-users@ list. There have been more than 60 bug fixes to
fetchmail 6.3.18 since 6.3.9, and I've mentioned the vulnerabilities.
CVE-2009-2666 is quite serious, it can betray passwords. The authentication
issue (EN 2010 03) is also quite impractical, it harms interaction with newer
Exchange 2007 and 2010 versions. CVE-2009-2666 has been fixed for long.
Just to explain my background a bit more, and acknowledging the differences
between projects -- in FreeBSD third-party ports, there is a policy [1] that
developers ("committers", i. e. those with CVS write access) can perform minor
updates (such as patchlevel, bug fixes, ...) even without maintainer consent
after two weeks. I wonder if it might be an option that Cygwin establishes
similar policies to deal at least with critical bugs in packages, or establishes
the concept of a "shared maintainer" or "also permitted to upload minor
updates".
Best regards
Matthias
----------------------------
[1] references:
http://www.freebsd.org/portmgr/policies.html
http://www.freebsd.org/portmgr/policies_contributors.html#pr_timeout
--
Matthias Andree
