Re: Overall bitrot, package reviews and fast(er) unmaintained package removals

To: debian-devel@lists.debian.org
Subject: Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
From: Felipe Sateler <fsateler@debian.org>
Date: Wed, 6 Apr 2016 15:27:48 +0000 (UTC)
Message-id: <[🔎] ne39tk$p5v$1@ger.gmane.org>
References: <[🔎] 1459894690.523675.570085321.670D5B53@webmail.messagingengine.com>

On Wed, 06 Apr 2016 00:18:10 +0200, Ondřej Surý wrote:

> Hey,
> 
> while doing some work on PHP transitions, saving courier-imap, finally
> packaging seafile since they finally stopped violating GPL, I found a
> quite a lot of bitrot in some (mostly leaf) packages. Packages untouched
> for years after initial upload, packages with unreachable maintainers,
> etc[1].
> 
> I totally understand that our QA team can't solve all of this, but I
> have a couple of automated ideas that might help:

This is something we really need to start thinking about. Tasks that
involve more than a few packages usually require a large number of NMUs,
which is quite sad.

> * Some automated check that would mark the package as outdated. Outdated
> packages won't make it into stable and would be removed from unstable.
> Some indicators that package might be outdated:
>  - big difference (in time, in version numbers?) between upstream
>  version and Debian version
>  - no upload in a long time

s/upload/maintainer upload/

>  - some really outdated standards version
>  - some really outdated dh compat level
>  - using outdated packaging tools (and please don't go into the 1.0 vs
>  3.0 fight again here :-)
>  - something with being a leaf library and not used by anybody else for
>  a long time (combine that with popcon, f.e.?)
>  - other indicators

- Is maintained by the QA group (for longer than X time?)
- Is orphaned (for longer than X time?)
- Is RFA (for longer than X time? Or maybe it should auto-move to
  orphaned)

Essentially, if nobody steps up to maintain the packages, then they 
should go.

- Maintainer does not respond to bug reports in a timely (eg, 1.5 months
  calculated per package).

I think that maintainer responsiveness should be the key metric, not up-
to-dateness (ie, the maintainer may be holding back for good reasons, but 
those reasons should be explained).

This should also help detecting teams that have effectively become empty.

> 
> * Package marked as "outdated" would:
>  a) not be able to enter "stable"
>  b) not be able to enter "testing"
>  c) would be removed from "unstable"

Adding to the testing autoremoval queue would be a great start.

-- 
Saludos,
Felipe Sateler

Reply to:

Follow-Ups:
- Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
  - From: Neil Williams <codehelp@debian.org>
- Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
  - From: Brian May <bam@debian.org>

References:
- Overall bitrot, package reviews and fast(er) unmaintained package removals
  - From: Ondřej Surý <ondrej@sury.org>

Prev by Date: Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
Next by Date: Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
Previous by thread: Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
Next by thread: Re: Overall bitrot, package reviews and fast(er) unmaintained package removals
Index(es):
- Date
- Thread