Google Code as an upstream is gone
Peter Jeremy
peter at rulingia.com
Fri Sep 30 23:59:34 UTC 2016
On 2016-Sep-29 16:33:12 -0700, Kevin Oberman <rkoberman at gmail.com> wrote:
>On Thu, Sep 29, 2016 at 9:57 AM, Christian Weisgerber <naddy at mips.inka.de>
>wrote:
>
>> Mathieu Arnold:
>>
>> > If the software has not been moved to some other place, (it takes about
>> > 30 seconds to click the automatic migration to github thing, and it is
>> > usually done within the hour,) since march 2015, it is most likely
>> > abandoned and should not be kept in the ports tree.
That seems a very reasonable policy. Unmaintained software is a danger to
the Internet community as a whole and if, after 18 months, a "maintainer"
hasn't bothered to take action to move the software to somewhere where it
can be supported then it rates as "unmaintained".
>> In the past, if the upstream was gone and the maintainer judged the
>> software still useful (at their discretion, not based on a cut-off
>> date), they would even fall back to providing the distfile at
>> people.freebsd.org.
The maintainer is still free to do so. "Maintainership" includes responding
to changes within a reasonable period (hence "maintainer timeout").
>This was simply a terrible idea and I would hope that the ports team would
>clearly so state and back out the "BROKEN" from those ports. As others are
>pointing out, lot of very old and stable code has gone over a year without
>updating.
I think globally marking all ports that fetch from code.google.com as
BROKEN is an excellent idea. There's a massive difference between "old and
stable" and "unmaintained". The latter means that no-one cares if the code
has security vulnerabilities. Just because code is "old and stable" doesn't
mean the code is completely bug-free and a reasonable maintainer would take
steps to ensure that the code could be updated if needed.
>One case of import to me was mp4v2, a library for making MP4v2 formatted
...
>source library for version 2 of the MP4 spec. Yet, because it had Google
>Code as it's repo and had not been updated in just over a year, BROKEN.
The last commit to mp4v2 in code.google.com was 2015-Jan-06 - nearly 21
months ago.
>(That has now been fixed sue to several people yelling loudly about its
>import.
That is an issue you should take up with the port's maintainer.
>I am sure that ports contains many old, buggy, insecure ports that should
>go away, but a standard of "over year without a commit" should not be a
>metric for determining what goes away.
IMO, "over 18 months without a commit and not able to be updated if required"
seems a quite reasonable metric for deeming code "abandonware".
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20161001/ee1245fb/attachment.sig>
More information about the freebsd-ports
mailing list