Quake3 security issue and non-responsive maintainer: Xavier Lamien

Daniel P. Berrange berrange at redhat.com
Wed May 12 08:29:40 UTC 2010

On Tue, May 11, 2010 at 05:47:48PM +0800, Chen Lei wrote:
> 2010/5/11 Rahul Sundaram <metherid at gmail.com>
> > Hi
> >
> > https://admin.fedoraproject.org/pkgdb/acls/bugs/quake3
> >
> > Quake 3 engine needs to be updated.  The current version has security
> > issues and breaks multiplayer in a couple of Quake3 based games such as
> > OpenArena.  The maintainer has not responded in bugzilla since March and
> > has not responded to private email either.  I would like to invoke the
> > fast track process.   Meanwhile, I will be much obliged if someone
> > updates Quake 3 to the latest version available and push out updates for
> > Fedora 13 and 12.
> >
> It seems a lot of trivial packages in fedora are unmaintained for a long
> time, even those maintainers may still be active in fedora community.  Maybe
> setting up an automatic orphan policy combining with a package QA page is
> necessary now.

IMHO this is approaching the problem in a rather negative way. We should not
be looking for ways to automatically orphan packages / kick out maintainers. 
A person might have particular  reasons for not being able to engage in 
Fedora for 3 or even 6 months, but still have a desire todo package maintenance
work in the long term. Automatically removing them from all packages is just
saying 'we dont want you' which will discourage them from every wanting to 
come back in the future. We should be focusing on ensuring that every package
has multiple assigned maintainers, so that if one is not able todo any work 
for a period there is  always at least 1 extra co-maintainer to take up the
slack (aside from provenpackagers general team). 

|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the devel mailing list