On Sun, Mar 4, 2018 at 10:14 AM, John Paul Adrian Glaubitz
<glaub...@physik.fu-berlin.de> wrote:
> Could you provide any references to bug reports which indicate
> that there are problems with the xchat package which make it
> unfit for release or violate any of the points mentioned
> in the Debian Policy?

1. "in the maintainer's opinion, makes the package unsuitable for release" [1]

2. "introduces a security hole on systems where you install the packages" [2]

3. Multiple copies of the same code base [3]

4. Although not specified in Debian Policy, I believe the Debian
Project generally does not wish to see "unmaintainable" software in
Debian, especially if there are maintainable alternatives.

5. I'm definitely nitpicking here, but the new Debian maintainer did
not completely follow the Developers Reference practice for
re-introducing a package by filing an ITP and CCing debian-devel. [4]
Therefore, in my opinion, the Debian project never collectively agreed
to xchat's reintroduction to Debian.

> I don't think a rant posted on reddit by the author of a fork
> is justified enough to ask for a package to be removed from
> the archive.

The author posted his opinion to his personal blog and did not
directly start the reddit discussion. Also, that author is the subject
matter expert here and I think we should give due deference to his
understanding of the security issues present in xchat for which he did
not seek CVE designations.

> As long as there aren't any serious policy or security issues,
> Debian usually doesn't impose any limitations on what packages
> get maintained in the archive and which not.

Yes, I'm well aware of your position since I've read the reddit discussion.

However, your characterization of Debian's practice is inaccurate. For
instance, I'm helping to remove hundreds of packages from Debian right
now. The packages often are maintained more or less in Debian but have
had no upstream development for years. [5]


References
--------------
[1] https://release.debian.org/buster/rc_policy.txt
Specifically, Sven Hoexter, as acting Maintainer, made this
determination in https://bugs.debian.org/811007

[2] https://release.debian.org/buster/rc_policy.txt

[3] Somewhat addressed in Debian Policy § 4.13 and its footnote

[4] § 5.9.6 and § 5.9.1
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#reintroducing-pkgs
Which also says "It may indicate that the best way forward is to
switch to some other piece of software instead of reintroducing the
package."

[5] https://lists.debian.org/debian-devel/2018/02/msg00169.html

Thanks,
Jeremy Bicha
