Source: xca Severity: important
X-Debbugs-CC: m...@qa.debian.org The xca source package has not been updated in some time, and more recent bugs have NOT received a reply from the maintainer on the BTS nor any activity on the maintainer's behalf. This is evidenced by the following items to be used as justification: --- === BUG HANDLING === https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863412 - as stated in here, RFC 5280 is not precise about UTF8 or PRINTABLESTRING and therefore the statement of "sorry for the noise" by the bug submitter suggests that this is no longer an issue - this should've been closed by maintainer, back in 2017. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928678 - my bug from May indicating two additional packages needing added to enable Remote DB support has received no reply from the Maintainer, though via direct email they indicated "I will reply to your bug" and never did. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927233 - also my bug but back in April, regardless of Debian being in freeze, the maintainer never acknowledged this bug. Nor has there been any movement on the package since November of 2018 generally. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896891 from April 2018 received no responses or acknowledgement from the Maintainer. It also contains a patch which was never acted on to fix a cross-build-from-source problem which resulted in an FTBFS due to hardcoded pkg-config in configure.ac. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815548 from 2016 never received a response either from the maintainer, and Maintainer was 'active' during that time. This also includes a *patch* for the old version with this problem and that was NEVER addressed. === Upstream Versions Not Uploaded in Debian === The last actual upload of XCA to the Debian repositories of Unstable was done in July of 2018. It then migrated two weeks later to Testing, however there was later an upstream release in November of 2018 that was never updated to. === Packaging Problems Unresolved === As shown in packages.qa.debian.org and tracker.debian.org, vcswatch can't reach the 'git' repository in use by Tino. This 404s perpetually and suggests that Tino is not updating the packaging to reflect changes in their Git repository functionalities. DUCK confirms this, that Vcs-Git is bad and the repository is nonexistent. This has been failing since at least June. This package may also be a prime candidate to be included in Salsa as well. Further, this VCS repository is NOT the proper Upstream VCS repository - Upstream has a VCS repository on GitHub that should be used here: https://github.com/chris2511/xca/ The package as-is is also using an out of date Homepage entry. XCA upstream has indicated that https://hohnstaedt.de/xca/ is the proper Home Page now. === Minimal or No Response to Inquiries === A couple of months ago, I reached out to the MIA team and Tino. From my initial inqurity on May 8, 2019, it took a *second* email that was CC'd to the MIA team to get Tino to reply to me on May 20th, when they promised to address the bugs I indicated. It is now July 10th, almost 2 months later, without any acknowledgement on bugs, nor any follow-up contacts. --- Given this list of problems identified in the xca source package AND the nonresponsiveness of Tino in this matter, I would like to propose that this package is in need of Salvaging, and would like to take over maintainership of this package, or if Tino still desires to maintain this package, to become co-maintainer of this package if possible. (I have included the MIA team in the CC because I believe Tino is not active enough to continue maintainership of this package) Please note that downstream in a PPA I have also updated the XCA packaging [1] and source from upstream and it works without issues, if you need evidence that I am alive, active, and indeed can maintain the package myself. My keys are not yet in Debian's keyrings; therefore I would be having any uploads I utilize sponsored initially. If necessary, I can find a sponsor for this. I can also get this NMU'd and sponsored if needed, containing the newer upstream revisions and also the proper packaging changes to make this package 'clean' and to address some of the other warnings. (NOTE: This email has been SIGNED with my Public PGP Key ending in C26ADDDD and that can be obtained from the SKS Key Servers shortly as it has just been uploaded to the keyservers, or from the Ubuntu Key Server [2].) Thomas Ward [1]: https://launchpad.net/~teward/+archive/ubuntu/xca [2]: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=index&search=0x5792F66164D057EFC6D06FAF5B8AD6F4C26ADDDD
signature.asc
Description: OpenPGP digital signature
