Beecrypt retired

Jeff Spaleta jspaleta at gmail.com
Thu Mar 13 17:55:36 UTC 2008


On Thu, Mar 13, 2008 at 9:30 AM, Patrice Dumas <pertusus at free.fr> wrote:
>  Network faced clients and servers have the same security issues. But this
>  doesn't allow to make oen for all decision regarding maintaining or not
>  this kind of packages in fedora. The maintainer may be skilled enough
>  and have enough time to substitute for the upstream. We cannot say it in
>  advance, and should leave it to the maintainer.

Then I would humbly suggest that maintainers who feel than can take up
that burden establish themselves as an upstream developer for a
project (or a fork).  I am loathe to see Fedora package maintainers
attempt to do the work of maintaining an otherwise dead library
codebase inside the Fedora packaging space.  This should be avoided.
If a package maintainer can re-establish an upstream development
process that is not run out of the fedora package cvs....then fine.

Though in this specific case, its not clear that beecrypt is actually
a dead codebase.  There's no evidence of it shutting down.  sf.net
shows at least one cvs write transaction in the last couple of months,
and several with in the last 12 months.  And it appears the main
developer has responded to a mailinglist thread from 2008.
Though there are patchsets sitting in the ticket que since last
summer. That's not an good sign, especially if this needs patching to
build with the new gcc.

-jef




More information about the devel mailing list