On Tue, Sep 20, 2016 at 12:00 PM, Michael Mol <mike...@gmail.com> wrote:
> On Friday, September 16, 2016 09:54:42 PM Duncan wrote:
>>
>> Why treeclean it, if it still works and can still be built against in-
>> tree python?
>>
>> Sometimes mature packages don't get further maintenance because they
>> "just work" as they are, and don't _need_ to eventually be bloated to
>> include email and browsing functionality or whatever.
>>
>> Of course if it requires old python and eventually the last supported in-
>> tree python is being removed, and nobody steps up to update it then,
>> /then/ it should be removed from the tree as it'll be broken /then/, but
>> that's not the case now, as Hanno explicitly said it still seems to work.
>
> It needs a maintainer. Are you offering?
>
> Packages without maintainers anywhere along the line (either local or
> upstream) risk having security vulnerabilities go unfixed (or even
> unacknowledged) simply from having nobody who actually cares about the
> package. Very little "just works", even if it appears to, after a decade or
> two of little to no modifications or maintenance, if only because hidden
> assumptions the software makes about its environment cease to hold true.

This is a general statement that could apply to any package, but in
general it is not a policy that packages must be treecleaned simply
because they're unmaintained.

I'm all for removing packages as soon as they become a burden but not before.

> So long as it continues to "just work", the work involved in being a proxy
> maintainer should be next to nil.

This is silly.  It just encourages people to put their name down and
not touch the package simply so that it doesn't get treecleaned.

Heck, I've done this, maintaining one package that I don't think I've
made a single commit to since I rescued it from treecleaning.  If it
ever becomes a burden on somebody else I'll happily remove it.  It
just seems silly, and it might actually reduce the incentive for
somebody else to step up and actually maintain it because it doesn't
go on the list of maintainer-needed packages.  In this way the rush to
treeclean stuff that works actually results in stuff that is LESS
maintained but still in the tree.

-- 
Rich
