Date: Sat, 1 Oct 2016 09:59:09 +1000 From: Peter Jeremy <peter@rulingia.com> To: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: Google Code as an upstream is gone Message-ID: <20160930235909.GA84903@server.rulingia.com> In-Reply-To: <CAN6yY1sypD6ZC4zAL0%2BQBJiBH-WJ8r5d1_S-vWTFuxn87wfDgA@mail.gmail.com> References: <2047d7fd-1849-6008-5be1-5fb3d1aa0661@FreeBSD.org> <slrnnuqbaq.2tlc.naddy@lorvorc.mips.inka.de> <3e59578a-8556-111a-f3d4-0e641a50043e@FreeBSD.org> <20160929165700.GA33046@lorvorc.mips.inka.de> <CAN6yY1sypD6ZC4zAL0%2BQBJiBH-WJ8r5d1_S-vWTFuxn87wfDgA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2016-Sep-29 16:33:12 -0700, Kevin Oberman <rkoberman@gmail.com> wrote: >On Thu, Sep 29, 2016 at 9:57 AM, Christian Weisgerber <naddy@mips.inka.de> >wrote: > >> Mathieu Arnold: >> >> > If the software has not been moved to some other place, (it takes about >> > 30 seconds to click the automatic migration to github thing, and it is >> > usually done within the hour,) since march 2015, it is most likely >> > abandoned and should not be kept in the ports tree. That seems a very reasonable policy. Unmaintained software is a danger to the Internet community as a whole and if, after 18 months, a "maintainer" hasn't bothered to take action to move the software to somewhere where it can be supported then it rates as "unmaintained". >> In the past, if the upstream was gone and the maintainer judged the >> software still useful (at their discretion, not based on a cut-off >> date), they would even fall back to providing the distfile at >> people.freebsd.org. The maintainer is still free to do so. "Maintainership" includes responding to changes within a reasonable period (hence "maintainer timeout"). >This was simply a terrible idea and I would hope that the ports team would >clearly so state and back out the "BROKEN" from those ports. As others are >pointing out, lot of very old and stable code has gone over a year without >updating. I think globally marking all ports that fetch from code.google.com as BROKEN is an excellent idea. There's a massive difference between "old and stable" and "unmaintained". The latter means that no-one cares if the code has security vulnerabilities. Just because code is "old and stable" doesn't mean the code is completely bug-free and a reasonable maintainer would take steps to ensure that the code could be updated if needed. >One case of import to me was mp4v2, a library for making MP4v2 formatted =2E.. >source library for version 2 of the MP4 spec. Yet, because it had Google >Code as it's repo and had not been updated in just over a year, BROKEN. The last commit to mp4v2 in code.google.com was 2015-Jan-06 - nearly 21 months ago. >(That has now been fixed sue to several people yelling loudly about its >import. That is an issue you should take up with the port's maintainer. >I am sure that ports contains many old, buggy, insecure ports that should >go away, but a standard of "over year without a commit" should not be a >metric for determining what goes away. IMO, "over 18 months without a commit and not able to be updated if require= d" seems a quite reasonable metric for deeming code "abandonware". --=20 Peter Jeremy --3MwIy2ne0vdjdPXF Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJX7vxMXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRUIyOTg2QzMwNjcxRTc0RTY1QzIyN0Ux NkE1OTdBMEU0QTIwQjM0AAoJEBall6Dkogs0s80P/2M3N0+7QLSok24eSs75fhj3 GHD59yGZSJoFO8EUvQmK8EeZuXRE1W0Xx8ExSC+L0aFzb1zYrB5oPoM3jMc5qXAW 6HQcDATuy1zYLi8AcSQsXWErLb+F9xEEjVxzK3ge4WEweFG40KhOVOInD3otXrtz UPUBJ0Cc3ktRfZ9XCdAHOJblhhm+rk5ssrzHYV8WE3miZGA4eZGIEjdN5T0iDtdC tkp/CABRlPJb13FOUm1y0TAOnLknD5qJG58tJpA27W87cR2umZ9OfwZFA4yilzww cD1H0iY70RS9pLoLNmqiRXrKwheuw7ZEY0c0rqYm7CD6uQUMnuAXsN8AZcVvtHnm Ur48zpdLXT5F29+g2nEgecMCTxA7Eph6rPFYIWGjHxTBx+/gOqCXtLP7Epzrg4cE kaj8244aa9xNbK3oKuKehdbZtNfvbDxeea47cmV9IDNt4LY3kzvWvmLJOppA5I51 2cRVFSZs3AH3jQw6k8TEhRSXo8PC1igBq7LtChFdlPY4RkHvGxfk/WJk56L/wiKd 5J6zPa1ekfmCb4nx8DaS+yFt7eGB3gH9JA7yecJu8jobfemSWVJLjooE5iEAstZ6 aCZ1cJLmzHiRxOvAwLz2SN3UqMJzUz3DGLkKSigc7IAGDY+T7rO3WiLA7KVQiwYE G7fWvKNjAr1+91xp4lJR =okFa -----END PGP SIGNATURE----- --3MwIy2ne0vdjdPXF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160930235909.GA84903>