EPEL Orphaned packages with vulnerabilities

Karel Volný kvolny at redhat.com
Mon Aug 11 14:58:17 UTC 2014

>> you really haven't wondered for too long, now, in the middle 
>> of summer when folks are on vacations, did you?
> Which folks, exactly?

so, you want me to append the list of Flock attendants for example, or what 
is this question about?

> These were all orphaned packages so no one was working on them.

are you trying to imply that only package owners can be interested in what 
happens with those packages?

- I guess the broken dependencies and the bugreport I've mentioned earlier 
prove the exact opposite

> I requested releng to do *something* and the something they did 
> was to retire the package.

don't be alibistic

"Could someone update this package or *remove* the package from the repos?"
doesn't sound just like "something"

> In response to that I closed all the tickets that were still open for 
> package.

I just wonder, if these had been opened for three years, why there was so 
great urgency to close the bugs now, immediately?

now I see you even filed the ticket *before* sending out the email ... is 
this how the "collaboration" works today, you "just don't know" but act 
before anyone has even the chance to answer?

> Perhaps you can un-retire the package(s) and maintain them?

why should I fix things *you* broke?


Karel Volný
QE BaseOs/Daemons Team
Red Hat Czech, Brno
tel. +420 532294274
(RH: +420 532294111 ext. 8262074)
xmpp kavol at jabber.cz
:: "Never attribute to malice what can
::  easily be explained by stupidity."

More information about the epel-devel mailing list