Source: less Severity: important X-Debbugs-Cc: Milan Kupcevic <mi...@debian.org>
Milan, Although you're still somewhat active in Debian (e.g. on src:simulide), you appear to be busy, which is understandable and common. I'd like to help maintain src:less by either joining as a co-maintainer in Uploaders or adopting the package as its primary Maintainer (and keeping you in Uploaders unless you disagree). In my Salsa fork[1] I have already updated to the latest upstream release version 643, noting five fixed Debian bugs including one CVE. Then I backported four upstream patches: one for the other CVE (patch required changes to apply), one to fix a Debian FTBFS bug, and two trivial patches (one authored by me and accepted upstream) to fix lintian warnings introduced in the new upstream version. I also reverted an upstream change that broke tests, but this should be investigated further to fix upstream. Finally, I updated debian/copyright, Rules-Requires-Root, and debhelper-compat, which all cleared some existing lintian tags. I plan to also apply some lesspipe etc. patches from the BTS and from another Salsa fork, as well as forward upstream debian/patches/* (and maybe at least one patch from the BTS). Also on the BTS there are some old fixed bugs that can be closed and some that could maybe be fixed. I am not a DD or DM however, so I will need you or another DD to grant[2] me access to debian/less.git and to sponsor uploads. I may also be interested in helping maintain src:gzip and/or src:avrdude in the future (I don't use any of your six other packages), but for now I'm focusing on src:less as the most critical package. If I don't see a response here or other activity on src:less by you within the next week or so, I will retitle this bug report to an ITS. I will consider this first message the start of the 21 days specified in developers-reference[3] (during which you're welcome to object to salvaging) before seeking a sponsor for a DELAYED/7 upload with me as Maintainer and you in Uploaders. Although the CVE bugs (now marked grave severity) may justify uploading sooner, perhaps as an NMU initially. I believe src:less is eligible[4][5] for salvaging given the lack of maintainer uploads or VCS commits in over a year, three new upstream release versions not packaged for almost three years, several bug reports with no maintainer activity[6] in over two years[7], two CVEs (#1064293 and #1068938), an arguable DFSG violation (#1063501), and several patches in the BTS (including #1060420 applied upstream). [1]: https://salsa.debian.org/pehjota/less [2]: https://wiki.debian.org/Salsa/Doc#Collaborative_Maintenance:_.22Debian.22_group [3]: https://www.debian.org/doc/manuals/developers-reference/pkgs.html#how-to-salvage-a-package [4]: https://www.debian.org/doc/manuals/developers-reference/pkgs.html#when-a-package-is-eligible-for-package-salvaging [5]: https://wiki.debian.org/PackageSalvaging [6]: https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=both;correspondent=milan%40debian.org;ordering=raw;src=less [7]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004383;msg=7 -- Patrick "P. J." McDermott: http://www.pehjota.net/ Lead Developer, ProteanOS: http://www.proteanos.com/ Founder and CEO, Libiquity: http://www.libiquity.com/
