[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xpdf removed from testing?

On Mon, 13 Jan 2014 18:19:21 +0100
Svante Signell <svante.signell@gmail.com> wrote:

> On Mon, 2014-01-13 at 16:59 +0000, Neil Williams wrote:
> > On Mon, 13 Jan 2014 17:38:21 +0100
> > Svante Signell <svante.signell@gmail.com> wrote:
> > > I like that program very
> > > much. For which reasons, in addition to the 7 RC bugs, a dead
> > > upstream?
> > 
> > That's 7 entirely sufficient reasons and one problem that arguably
> > makes fixing the other seven harder. So 7.5 reasons to remove it
> > from testing.
> OK; OK, I understand completely. As a follow-up: according to popcon
> there are about 10 000 installations of that package. Any
> interest/chance that patches will help re-introduce this package, or
> is it just a waste of effort? What is the opinion of the maintainers?

As a maintainer (upstream & Debian) for one package using PDF
documents, I see all PDF tools as vulnerable to security problems and
all have relatively long lists of dependencies which keep moving ahead.

A dead upstream is a indication of several things:

0: The upstream maintainers have lost the will to fight the tide of bugs

1: The Debian maintainer does not have the time / desire to take on the
upstream role on top of everything else

2: patches just for Debian are not going to get testing elsewhere and
patches from elsewhere will be hard to integrate (that is upstream's

3: even if some RC bugs are fixed, the lack of upstream makes it hard
to see how future ones will get fixed.

4: the code probably hides some nasty, ugly assumptions and hacks which
is why upstream gave up on it in the first place

So, yes. 9 times out of 10 all of this will be a complete waste of
effort for everyone concerned, most of all for the users wanting bugs

Been there, done that - all that happened was that I kept a broken
package hobbling along for another two stable releases, overall code
quality falling with every release, until I removed it from Debian

If my package had even a few of the RC bugs affecting xpdf, I would
have removed it from unstable long, long ago, let alone just testing.

Remove it now. If a *team* magically appears, then maybe code quality
could improve. A single person doing the upstream role will rarely have
enough time to actually improve code quality.

As a user who seems to care about the package, don't you actually want
to use a package where someone would have responded to the bugs? How
would you feel if you had filed one or two of those RC bugs?


Neil Williams

Attachment: signature.asc
Description: PGP signature

Reply to: