On Thu, Jan 23, 2014 at 09:23:49AM +0000, "Jóhann B. Guðmundsson" wrote: > "A*lot* of those applications haven't seen an upstream release in > half a decade" > Which poses security risk and bugs not being dealt and bad end user > experience if our end user base chooses to install it. > ( because if they were actually being maintained here with us those > fixes would have found it's way upstream and new releases been made > right ).
So, one possibility would be to move less-maintained packages to a separate repository tree still included as Fedora and enabled by default (but maybe removed from any references in comps). That could serve as a signal to both users (who could see that the package comes from a different place) and maintainers (who wouldn't have their package just _dropped_). And it would make it more obvious when packages that are maintained have possibly-dangerous dependencies on unmaintained ones. I'm not sure the benefits of that are worth the effort, but if someone is interested in working on it, it could be worth exploring. > But clearly you dont understand that. Jóhann, please review Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct. Let's keep this conversation both civil and focused on the issue itself. -- Matthew Miller -- Fedora Project -- <mat...@fedoraproject.org> -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
