On Thu, Jan 23, 2014 at 09:23:49AM +0000, "Jóhann B. Guðmundsson" wrote:
"A*lot* of those applications haven't seen an upstream
release in
half a decade"
Which poses security risk and bugs not being dealt and bad end user
experience if our end user base chooses to install it.
( because if they were actually being maintained here with us those
fixes would have found it's way upstream and new releases been made
right ).
So, one possibility would be to move less-maintained packages to a separate
repository tree still included as Fedora and enabled by default (but maybe
removed from any references in comps). That could serve as a signal to both
users (who could see that the package comes from a different place) and
maintainers (who wouldn't have their package just _dropped_). And it would
make it more obvious when packages that are maintained have
possibly-dangerous dependencies on unmaintained ones.
I'm not sure the benefits of that are worth the effort, but if someone is
interested in working on it, it could be worth exploring.
But clearly you dont understand that.
Jóhann, please review Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct. Let's keep this conversation both
civil and focused on the issue itself.
--
Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org>