Date: Sat, 1 Oct 2016 08:03:22 +0000 From: Grzegorz Junka <list1@gjunka.com> To: freebsd-ports@freebsd.org Subject: Re: Google Code as an upstream is gone Message-ID: <9cd06059-a707-6583-79d7-fbd36bd2c977@gjunka.com> In-Reply-To: <20160930235909.GA84903@server.rulingia.com> References: <2047d7fd-1849-6008-5be1-5fb3d1aa0661@FreeBSD.org> <slrnnuqbaq.2tlc.naddy@lorvorc.mips.inka.de> <3e59578a-8556-111a-f3d4-0e641a50043e@FreeBSD.org> <20160929165700.GA33046@lorvorc.mips.inka.de> <CAN6yY1sypD6ZC4zAL0%2BQBJiBH-WJ8r5d1_S-vWTFuxn87wfDgA@mail.gmail.com> <20160930235909.GA84903@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30/09/2016 23:59, Peter Jeremy wrote: > On 2016-Sep-29 16:33:12 -0700, Kevin Oberman <rkoberman@gmail.com> wrote: >> On Thu, Sep 29, 2016 at 9:57 AM, Christian Weisgerber <naddy@mips.inka.de> >> wrote: >> >>> Mathieu Arnold: >>> >>>> If the software has not been moved to some other place, (it takes about >>>> 30 seconds to click the automatic migration to github thing, and it is >>>> usually done within the hour,) since march 2015, it is most likely >>>> abandoned and should not be kept in the ports tree. > That seems a very reasonable policy. Unmaintained software is a danger to > the Internet community as a whole and if, after 18 months, a "maintainer" > hasn't bothered to take action to move the software to somewhere where it > can be supported then it rates as "unmaintained". > >>> In the past, if the upstream was gone and the maintainer judged the >>> software still useful (at their discretion, not based on a cut-off >>> date), they would even fall back to providing the distfile at >>> people.freebsd.org. > The maintainer is still free to do so. "Maintainership" includes responding > to changes within a reasonable period (hence "maintainer timeout"). > >> This was simply a terrible idea and I would hope that the ports team would >> clearly so state and back out the "BROKEN" from those ports. As others are >> pointing out, lot of very old and stable code has gone over a year without >> updating. > I think globally marking all ports that fetch from code.google.com as > BROKEN is an excellent idea. There's a massive difference between "old and > stable" and "unmaintained". The latter means that no-one cares if the code > has security vulnerabilities. Just because code is "old and stable" doesn't > mean the code is completely bug-free and a reasonable maintainer would take > steps to ensure that the code could be updated if needed. > >> One case of import to me was mp4v2, a library for making MP4v2 formatted > ... >> source library for version 2 of the MP4 spec. Yet, because it had Google >> Code as it's repo and had not been updated in just over a year, BROKEN. > The last commit to mp4v2 in code.google.com was 2015-Jan-06 - nearly 21 > months ago. > >> (That has now been fixed sue to several people yelling loudly about its >> import. > That is an issue you should take up with the port's maintainer. > >> I am sure that ports contains many old, buggy, insecure ports that should >> go away, but a standard of "over year without a commit" should not be a >> metric for determining what goes away. > IMO, "over 18 months without a commit and not able to be updated if required" > seems a quite reasonable metric for deeming code "abandonware". > The fact that some source is hosted at a provider that doesn't close their services, like Google does (aka GitHub), doesn't make it "maintained". Is that your definition of "maintained", that the "the code could be updated if needed"? If yes, then I am happy to upload all "unmaintained" sources to my GitHub account where you can fork the repository for free and update "if needed". Grzegorz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9cd06059-a707-6583-79d7-fbd36bd2c977>