[gentoo-dev] Re: Lastrite: games-fps/openarena
Dne 3.3.2010 12:32, Joshua Saddler napsal(a): On Wed, 03 Mar 2010 13:35:10 +0200 Samuli Suominen ssuomi...@gentoo.org wrote: # Samuli Suominen ssuomi...@gentoo.org (03 Mar 2010) # Masked for QA, security # # Internal copies of vuln. zlib, jpeg, speex and likely # others # # http://bugs.gentoo.org/show_bug.cgi?id=255453 # # Masked for removal in 60 days. games-fps/openarena Why? Why did you ignore the patches posted to the bug? Even Diego, the original reporter, commented that the patches fix the problems.[1] [1] http://bugs.gentoo.org/show_bug.cgi?id=255453#c4 One of the reasons I left the treecleaner project was that it became apparent that people were more interested in dumping packages with simple problems than fixing them (which believe it or not, was what treecleaner was formed to do). Now they call it QA. :) I'm all for dropping broken crap, but things people use with working patches attached? QA is also about getting that stuff applied. -- fonts,by design, by neglect gcc-porting, for a fact or just for effect wxwidgets @ gentoo EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662 signature.asc Description: PGP signature
Re: [gentoo-dev] Re: Lastrite: games-fps/openarena
On 03/03/2010 02:58 PM, Ryan Hill wrote: Dne 3.3.2010 12:32, Joshua Saddler napsal(a): On Wed, 03 Mar 2010 13:35:10 +0200 Samuli Suominen ssuomi...@gentoo.org wrote: # Samuli Suominen ssuomi...@gentoo.org (03 Mar 2010) # Masked for QA, security # # Internal copies of vuln. zlib, jpeg, speex and likely # others # # http://bugs.gentoo.org/show_bug.cgi?id=255453 # # Masked for removal in 60 days. games-fps/openarena Why? Why did you ignore the patches posted to the bug? Even Diego, the original reporter, commented that the patches fix the problems.[1] [1] http://bugs.gentoo.org/show_bug.cgi?id=255453#c4 One of the reasons I left the treecleaner project was that it became apparent that people were more interested in dumping packages with simple problems than fixing them (which believe it or not, was what treecleaner was formed to do). Now they call it QA. :) I'm all for dropping broken crap, but things people use with working patches attached? QA is also about getting that stuff applied. And now you have good 60 days to apply and test the package, and co-ordinate it with upstream. Don't forget to add yourself to metadata.xml, as it's a non-trivial task. ;-)
Re: [gentoo-dev] Re: Lastrite: games-fps/openarena
I've remove the mask for games-fps/openarena. The mask was done without consulting the games team. On Wed, Mar 3, 2010 at 8:09 AM, Samuli Suominen ssuomi...@gentoo.org wrote: On 03/03/2010 02:58 PM, Ryan Hill wrote: Dne 3.3.2010 12:32, Joshua Saddler napsal(a): On Wed, 03 Mar 2010 13:35:10 +0200 Samuli Suominen ssuomi...@gentoo.org wrote: # Samuli Suominen ssuomi...@gentoo.org (03 Mar 2010) # Masked for QA, security # # Internal copies of vuln. zlib, jpeg, speex and likely # others # # http://bugs.gentoo.org/show_bug.cgi?id=255453 # # Masked for removal in 60 days. games-fps/openarena Why? Why did you ignore the patches posted to the bug? Even Diego, the original reporter, commented that the patches fix the problems.[1] [1] http://bugs.gentoo.org/show_bug.cgi?id=255453#c4 One of the reasons I left the treecleaner project was that it became apparent that people were more interested in dumping packages with simple problems than fixing them (which believe it or not, was what treecleaner was formed to do). Now they call it QA. :) I'm all for dropping broken crap, but things people use with working patches attached? QA is also about getting that stuff applied. And now you have good 60 days to apply and test the package, and co-ordinate it with upstream. Don't forget to add yourself to metadata.xml, as it's a non-trivial task. ;-)
Re: [gentoo-dev] Re: Lastrite: games-fps/openarena
Michael Sterrett mr_bon...@gentoo.org said: I've remove the mask for games-fps/openarena. The mask was done without consulting the games team. This is no reason to remove the mask. The games team had more than enough time to fix the package. I'll be adding the mask back as the package is vulnerable via multiple bundled libs and therefore shouldn't be in the tree. You can apply the patches if you want to keep it and remove the mask at that time. Thanks, -- Mark Loeser email - halcy0n AT gentoo DOT org email - mark AT halcy0n DOT com web - http://www.halcy0n.com signature.asc Description: Digital signature
Re: [gentoo-dev] Re: Lastrite: games-fps/openarena
On Wednesday 03 March 2010 18:29:13 Mark Loeser wrote: Michael Sterrett mr_bon...@gentoo.org said: I've remove the mask for games-fps/openarena. The mask was done without consulting the games team. This is no reason to remove the mask. The games team had more than enough time to fix the package. I'll be adding the mask back as the package is vulnerable via multiple bundled libs and therefore shouldn't be in the tree. You can apply the patches if you want to keep it and remove the mask at that time. Thanks, This thread is yet another proof that we need to introduce a Upcoming masking for unmaintained packages. Instead of first masking a package and then announce it, we can simply announce that we are gonna mask the package in 10days if there is no activity on the respective bug -- Markos Chandras (hwoarang) Gentoo Linux Developer Web: http://hwoarang.silverarrow.org signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Re: Lastrite: games-fps/openarena
On Wed, Mar 3, 2010 at 8:59 AM, Markos Chandras hwoar...@gentoo.org wrote: On Wednesday 03 March 2010 18:29:13 Mark Loeser wrote: Michael Sterrett mr_bon...@gentoo.org said: I've remove the mask for games-fps/openarena. The mask was done without consulting the games team. This is no reason to remove the mask. The games team had more than enough time to fix the package. I'll be adding the mask back as the package is vulnerable via multiple bundled libs and therefore shouldn't be in the tree. You can apply the patches if you want to keep it and remove the mask at that time. Thanks, This thread is yet another proof that we need to introduce a Upcoming masking for unmaintained packages. sarcasm Shall I file those forms in triplicate and fax them to the main office sir? /sarcasm Since amazingly I actually started the Treecleaners project; the intent was actually to fix problems with packages. Part of the problem is that there are hundreds of packages in the tree and the fixes vary in complexity so it is difficult to create hard-and-fast rules on when to keep a package versus when to toss it. One of the things I like about masking is that it quickly gets people who actually care about the package up to bat to fix it instead of leaving it broken for months. I realize maintainers do not exactly enjoy this kind of poking, however when things have been left for long enough I believe our options become a bit more limited (in this case, masking for removal due to unfixed sec bugs.) Instead of first masking a package and then announce it, we can simply announce that we are gonna mask the package in 10days if there is no activity on the respective bug -- Markos Chandras (hwoarang) Gentoo Linux Developer Web: http://hwoarang.silverarrow.org
