On Thu, 21 Jan 2016 18:25:21 +0100 Kristian Fiskerstrand <k...@gentoo.org> wrote:
> On 01/21/2016 06:15 PM, Alexis Ballier wrote: > > On Thu, 21 Jan 2016 10:53:58 -0600 > > William Hubbs <willi...@gentoo.org> wrote: > > > >> I would like to see a possible timelimit set on how long packages > >> can stay in maintainer-needed; once a package goes there, if we > >> can't find someone to maintain it, we should consider booting it > >> after that time limit passes. > > > > Note that maintainer-needed doesn't necessarily mean package is > > crap. Some simply don't really need a maintainer because they just > > work. > > > > > > However it can cause complications when issues are detected, in > particular security relevant ones. Attaching a CSV of bugs assigned to > security with maintainer-needed CCed. > > e.g app-text/htmltidy has multiple reverse dependecies but is itself > maintainer needed with at least two vulnerabilities (bug 561452) > well, 'not ( forall x, x is m-n, x is crap )' and 'exists x, x is m-n, x is crap' don't necessarily disagree either :)
