Quake3 security issue and non-responsive maintainer: Xavier Lamien

Thomas Spura tomspur at fedoraproject.org
Tue May 11 20:03:57 UTC 2010

Am Dienstag, den 11.05.2010, 17:47 +0800 schrieb Chen Lei:
> 2010/5/11 Rahul Sundaram <metherid at gmail.com>
>         Hi
>         https://admin.fedoraproject.org/pkgdb/acls/bugs/quake3
>         Quake 3 engine needs to be updated.  The current version has
>         security
>         issues and breaks multiplayer in a couple of Quake3 based
>         games such as
>         OpenArena.  The maintainer has not responded in bugzilla since
>         March and
>         has not responded to private email either.  I would like to
>         invoke the
>         fast track process.   Meanwhile, I will be much obliged if
>         someone
>         updates Quake 3 to the latest version available and push out
>         updates for
>         Fedora 13 and 12.
> It seems a lot of trivial packages in fedora are unmaintained for a
> long time, even those maintainers may still be active in fedora
> community.  Maybe setting up an automatic orphan policy combining with
> a package QA page is necessary now.

A big +1!

Gentoo has the same [1]:
"Any developer suspected to be inactive for a period in excess of 60
days may be subject to retirement. Developer Relations will first
research and assess the situation, attempt to contact the developer, or
if attempts are unsuccessful may chose to retire the developer. Please
note that if you are in devaway for more than 60 days, you may also be
considered inactive, however, return dates will be taken into
consideration. If you are retired due to inactivity and wish to return,
you need only contact Recruiters to begin the recruitment process again.


More information about the devel mailing list