Hi, Does anyone have any thoughts on judging whether a package is sufficiently maintained to be added?
We all know that adding more packages increases the already difficult maintenance level we face. AFAIK our stance is to be an broadly open to letting in new packages as long as they meet the code quality standards. While I personally think we could do with fewer packages [0], I also don't like seeing contributions go to waste - these tend to be new packages. One area I can't see guidance on is considered whether an upstream is sufficiently active and maintained to add the package? To be concrete I looked at a contribution to add fwknop: https://codeberg.org/guix/guix/pulls/948 This is an old code-base which exists in many other distributions [1], but the maintainer is not as active (understandably after years!), so there are now lots of old PR's [2] and issues asking if the project is abandoned [3]. I wouldn't necessarily argue that security code should be changing that often so not accepting lots of PRs may be reasonable. But, equally this seems to be teetering on unmaintained. Also, from what I can tell this isn't a very popular approach to keeping services 'secret' these days, with the other project (a quick google search turned up) also being inactive and unmaintained [4]. So I'm not sure this package will be used by other users, even though for historical reasons it's in other distributions - equally I have no real clue about this area. So on balance I'm probably against accepting the package! But, maybe this is just my own bias against adding more showing up? What is the line when the project isn't that active? Anyone have any rules of thumb they use to decide if something should be accepted? Steve / Futurile [0] My personal opinion is we have far too many already and both developers and users would be better off with a more focused set. And that we should implement the ArchLinux like user community repository which would provide a place for a wider set. [1] https://formulae.brew.sh/formula/fwknop#default, https://gitlab.archlinux.org/archlinux/packaging/packages/fwknop/-/blob/main/PKGBUILD?ref_type=heads, https://src.fedoraproject.org/rpms/fwknop/blob/rawhide/f/fwknop.spec [2] https://github.com/mrash/fwknop/pulls [3] https://github.com/mrash/fwknop/issues/344 [4] https://github.com/jvinet/knock/issues/47#issuecomment-812926380
