On Fri, 2004-01-09 at 10:40, Johannes Winkelmann wrote:
Hello, Hi,
I've discussed with Jürgen and Martin regarding unmaintained, and I now think that we should keep it and define a procedure to allow submission of changes back to it. This is because of the higher level of trust because someone from CLC at least _looked_ at it ("many eyes" as Martin called this). IMHO this is a very good argument. The important thing here is to make sure that applying submitted changes is really simple and that a lot of checks are done by scripts (e.g. footprints).
I just think we should first of all open unmaintained for contributions so people don't duplicate newer versions of these ports in their httpup repos. Then we should try to propagate httpup repositories with a certain standard (e.g. no dups). I could even imagine to have to kind of "clc-contrib" subproject, which fetches the httpup repositories from the respective httpup maintainers and serves it as a single httpup repo. This would also be the place to recruit new maintainers.
Of course, this is probably quite some work, and we lose the "many eyes" advantage.
Sorry for replying a little late, I was reading some comment about arch linux yesterday (don't remember where, sorry. Maybe osnews.com). I think they've a public Incoming collection or something similar; maintainers periodically check ports submissions and updates in this incoming collection and eventually transfer them to unmaintained. To me it sounds a nice system. The first maintainer that has some spare time could do a quick check on the incoming collection and transfer good ports. A question arise: what to check? Since after all that ports will be transferred to unmaintained (or 3rdparty or some other name), I suggest maintainers should only check for a couple of security aspects: - sources are retrieved from a proper url. - no malicious stuff in Pkgfile "build" function. IMHO If the port doesn't build or there are footprint issues we should leave the users / casual contributors the task to submit a patch to the packager or directly to the incoming dir.
And finally I'd keep the policy that ports from unmaintained should automatically lose their UNMAINTAINED tag when not touched for $SOME_TIME. Like this, only actively used ports remain in our collections. Of course, there should be a warning mail to a mailing list ("port XY is about to be removed from unmaintained").
Good idea, the only suggestion I have is to send a cumulative mail periodically (every x months) instead of each time a port is "expiring": Warning: the following ports will be removed: a,b,c...
Looking forward to some more comments, Best regards Johannes
I hope we can find some good implementation of the ideas coming up from this ML; I also hope to have some more time in a month or so* to give some help if needed. Regards, Simone -- Simone Rota WEB : http://www.varlock.com Bergamo, Italy MAIL: sip@varlock.com * My next exams dates: 26.01 - 28.01 - 30.01 - 02.02 - 04.02 - 05.02 more to come on Feb 07..21. sic.