Re: xpdf removed from testing?

To: debian-devel@lists.debian.org
Subject: Re: xpdf removed from testing?
From: Neil Williams <codehelp@debian.org>
Date: Mon, 13 Jan 2014 17:50:56 +0000
Message-id: <[🔎] 20140113175056.421c54c2@sylvester.codehelp>
In-reply-to: <[🔎] 1389633561.20551.66.camel@s1499.it.kth.se>
References: <[🔎] 1389631101.20551.60.camel@s1499.it.kth.se> <[🔎] 20140113165956.35382bca@sylvester.codehelp> <[🔎] 1389633561.20551.66.camel@s1499.it.kth.se>

On Mon, 13 Jan 2014 18:19:21 +0100
Svante Signell <svante.signell@gmail.com> wrote:

> On Mon, 2014-01-13 at 16:59 +0000, Neil Williams wrote:
> > On Mon, 13 Jan 2014 17:38:21 +0100
> > Svante Signell <svante.signell@gmail.com> wrote:
> 
> > > I like that program very
> > > much. For which reasons, in addition to the 7 RC bugs, a dead
> > > upstream?
> > 
> > That's 7 entirely sufficient reasons and one problem that arguably
> > makes fixing the other seven harder. So 7.5 reasons to remove it
> > from testing.
> 
> OK; OK, I understand completely. As a follow-up: according to popcon
> there are about 10 000 installations of that package. Any
> interest/chance that patches will help re-introduce this package, or
> is it just a waste of effort? What is the opinion of the maintainers?

As a maintainer (upstream & Debian) for one package using PDF
documents, I see all PDF tools as vulnerable to security problems and
all have relatively long lists of dependencies which keep moving ahead.

A dead upstream is a indication of several things:

0: The upstream maintainers have lost the will to fight the tide of bugs

1: The Debian maintainer does not have the time / desire to take on the
upstream role on top of everything else

2: patches just for Debian are not going to get testing elsewhere and
patches from elsewhere will be hard to integrate (that is upstream's
job)

3: even if some RC bugs are fixed, the lack of upstream makes it hard
to see how future ones will get fixed.

4: the code probably hides some nasty, ugly assumptions and hacks which
is why upstream gave up on it in the first place

So, yes. 9 times out of 10 all of this will be a complete waste of
effort for everyone concerned, most of all for the users wanting bugs
fixed.

Been there, done that - all that happened was that I kept a broken
package hobbling along for another two stable releases, overall code
quality falling with every release, until I removed it from Debian
entirely.

If my package had even a few of the RC bugs affecting xpdf, I would
have removed it from unstable long, long ago, let alone just testing.

Remove it now. If a *team* magically appears, then maybe code quality
could improve. A single person doing the upstream role will rarely have
enough time to actually improve code quality.

As a user who seems to care about the package, don't you actually want
to use a package where someone would have responded to the bugs? How
would you feel if you had filed one or two of those RC bugs?

-- 

Neil Williams
=============
http://www.linux.codehelp.co.uk/

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- xpdf removed from testing?
  - From: Svante Signell <svante.signell@gmail.com>
- Re: xpdf removed from testing?
  - From: Neil Williams <codehelp@debian.org>
- Re: xpdf removed from testing?
  - From: Svante Signell <svante.signell@gmail.com>

Prev by Date: Re: xpdf removed from testing?
Next by Date: Re: xpdf removed from testing?
Previous by thread: Re: xpdf removed from testing?
Next by thread: Re: xpdf removed from testing?
Index(es):
- Date
- Thread