need help with a package
Jon VanAlten
jon.vanalten at redhat.com
Tue Nov 27 02:50:27 UTC 2012
----- Original Message -----
> From: "Alexander Aristotle Davis" <aadavis1 at learn.senecac.on.ca>
> To: devel at lists.fedoraproject.org
> Sent: Monday, November 26, 2012 8:03:17 PM
> Subject: need help with a package
>
> Hi,
>
> A package called rssh has been marked as duplicate on Bugzilla and I
> am
> working on a 2.3.3 version and would like to update it to a new
> release. Could you please inform me why this package have been
> orphaned.
Hi Alex,
First, welcome to Fedora-land
A little bit of searching goes a long way! It seems the prior
maintainer orphaned it because it is dead upstream, contains a
known security flaw, upstream doesn't want to put effort into it,
and the old maintainer has no wish to fix the bug himself or
herself[1][2]. So, there in fact is no new release for this
software; the packages currently in fedora are the most current
version.
If you'd like to keep the package alive, I'd focus first on
fixing the security bug; getting the changes into the Fedora
package will be a simple matter, and you can get help for that
here when the time comes If you have a fix for the security
bug, you may even be able to convince some existing maintainer
to adopt the package, with some assurance that you'll continue
to support it if other bugs are found.
In order for you to take over package maintenance yourself, you
will need to join the packager group[3]. If you want to get
sponsored by adding a new package to fedora, you'll have to find
a different one than rssh since (as you've found out) this
already exists in Fedora.
One comment about the spec you posted for review[4], even though
package review is not what is needed here I had a look anyways.
It seems like the main difference from existing spec in git is
the change in URL. I'll just point out that, even though upstream
is not actively developing this software, changing the URL from
the upstream page to an empty wiki page seems not to be the best
idea.
Good luck!
jon
[1] http://lists.fedoraproject.org/pipermail/devel/2012-May/166874.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=820415
[3] https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
[4] https://bugzilla.redhat.com/show_bug.cgi?id=879954
More information about the devel
mailing list