On 2022-11-04 08:34, Jon Turney wrote:
The second is not so clear: A package is orphaned if it's maintainer
is not responsive to queries as to if they still want to be the
maintainer of the package.
It's undefined how many times we should ping, or how long we should wait
for a response, but I think that the ~10 months that's elapsed here is
more than enough!
If the prospective adopter is also proposing an update that addresses
security vulnerabilities in the old package, I suggest that that, and
the severity and impact of those vulnerabilities be factored into the
timeout decision.
--
-Chad
