On Thu, Jul 7, 2016 at 8:50 AM, J. Roeleveld <jo...@antarean.org> wrote:
> On Thursday, July 07, 2016 06:37:09 AM Duncan wrote: > > J. Roeleveld posted on Wed, 06 Jul 2016 20:22:57 +0200 as excerpted: > > > On Thursday, June 30, 2016 10:30:07 PM Aaron Bauman wrote: > > >> # Aaron Bauman <b...@gentoo.org> (30 Jun 2016) > > >> # Unpatched security vulnerability per bug #509920. > > >> # Removal in 30 days www-apps/egroupware > > > > > > Why is this bug being used to treeclean egroupware? > > > > > > Why is bug 461212 not being used to actually resolve the issue? > > > If I would actually be confident that it would actually be used, I > would > > > have no issue on trying to get my latest ebuild ( version 14.3.20160525 > > > ) converted to the latest standards. > > > > According to equery meta, egroupware has no individual developer > > maintainer and no proxied maintainer, only the webapps project as > > maintainer. And apparently there, nobody has been specifically > > interested in egroupware, so it has fallen thru the cracks to some > > degree, tho newer versions /may/ be in the webapps-experimental overlay. > > I tried contacting the web-apps project directly, but never received a > reply. > > > Here's the webapps project wiki page: > > > > https://wiki.gentoo.org/wiki/Project:Webapps > > > > That has this to say when discussing the overlay, quote: > > > .... > > > > The overlay can be found here: > > https://cgit.gentoo.org/proj/webapps-experimental.git/ > > Last commit in 2011. > > > Warning > > Please remember that the applications available through the overlay might > > compromise the security of your server! > > > > The overlay is an ideal playground for new developers wishing to join our > > team. Once we see that you are capable of writing ebuilds of reasonable > > quality, we can provide you with commit rights to the overlay. > > > > End quote. > > > > > > So it's possible newer versions are in the overlay, and they simply > > decided it was too much of a load to keep a version in the tree as well. > > > > If there /aren't/ newer versions in the overlay, presumably it's because > > nobody that has access has been interested in maintaining it in the > > overlay either. > > > > Either way, given your obvious interest, I'd suggest contacting them > > about overlay commit rights, and/or volunteering to be the proxied > > maintainer for this particular package. > > Is there a way of finding out who are actually in the web-app project and > which > of them would be able and willing to work with me on this and other web > applications that I actively use? > > From the lack of response to the email and lack of updates on the overlay, > the > project seems dead to me. > > -- > Joost > > > It's really sad to see a user wanting to keep up the ebuild and with no response from the webapps team. I can understand being busy, but by checking https://bugs.gentoo.org/show_bug.cgi?id=461212 it seems it's a long-term issue. Joost, please try to contact the proxy maintainers team and open a pull-request on github for the bump, that may be a way. Good luck.
