On Mon, 13 Jan 2014 18:19:21 +0100 Svante Signell <svante.sign...@gmail.com> wrote:
> On Mon, 2014-01-13 at 16:59 +0000, Neil Williams wrote:
> > On Mon, 13 Jan 2014 17:38:21 +0100
> > Svante Signell <svante.sign...@gmail.com> wrote:
> >
> > > I like that program very
> > > much. For which reasons, in addition to the 7 RC bugs, a dead
> > > upstream?
> >
> > That's 7 entirely sufficient reasons and one problem that arguably
> > makes fixing the other seven harder. So 7.5 reasons to remove it
> > from testing.
>
> OK; OK, I understand completely. As a follow-up: according to popcon
> there are about 10 000 installations of that package. Any
> interest/chance that patches will help re-introduce this package, or
> is it just a waste of effort? What is the opinion of the maintainers?

As a maintainer (upstream & Debian) for one package using PDF documents, I see all PDF tools as vulnerable to security problems and all have relatively long lists of dependencies which keep moving ahead.

A dead upstream is an indication of several things:

0: The upstream maintainers have lost the will to fight the tide of bugs

1: The Debian maintainer does not have the time / desire to take on the upstream role on top of everything else

2: patches just for Debian are not going to get testing elsewhere and patches from elsewhere will be hard to integrate (that is upstream's job)

3: even if some RC bugs are fixed, the lack of upstream makes it hard to see how future ones will get fixed.

4: the code probably hides some nasty, ugly assumptions and hacks which is why upstream gave up on it in the first place

So, yes. 9 times out of 10 all of this will be a complete waste of effort for everyone concerned, most of all for the users wanting bugs fixed.

Been there, done that - all that happened was that I kept a broken package hobbling along for another two stable releases, overall code quality falling with every release, until I removed it from Debian entirely.

If my package had even a few of the RC bugs affecting xpdf, I would have removed it from unstable long, long ago, let alone just testing. Remove it now.

If a *team* magically appears, then maybe code quality could improve. A single person doing the upstream role will rarely have enough time to actually improve code quality.

As a user who seems to care about the package, don't you actually want to use a package where someone would have responded to the bugs? How would you feel if you had filed one or two of those RC bugs?

--
Neil Williams
=============
http://www.linux.codehelp.co.uk/