Re: Lucas Kanashiro and Athos Ribeiro hijack my package
Hello,
>Tobi, I never knew I could simply self-appoint myself to maintainer with
>a simple (sponsored) upload of libpng16 (a package you co-maintain) or
>tokyocabinet (a package you maintain), drop you to uploader or nothing
>and you'd be cool with that. Hey, it's in collab-maint after all, isn't
>it? Awesome!
if the sponsor is happy with your libpng16 changes, fine from my maintainer side.
I think, like tobi, to the general "helping" criteria that follows the collab-maint
repositories.
Time runs out, and what we should care is to fix stuff and fix up the eventual mess we might do.
So, if you and your sponsor are happy with the upload, just commit and do it, and I won't complain.
To be honest, I hijacked a *lot* of packages, that were in my opinion not suitable for any stable release,
with maintainers lacking time/resources to properly maintain them (once I even had release folks telling me
"just ****ing do it").
This is a fact, libpng1.6 is one of them, where me and Tobias and some other guys, updated it, did
a really big transition to move to it, freeing the archive of the various libpng16 bundled code copies around,
and then did another big transition to remove the old libpng12 from the archive.
Trust me, it was a lot of work, and a technical hijack.
I did the same with bglibs, bcron, ucspi-* and a lot of other packages that failed a transition when the maintainer got temporarily MIA.
I also did the gdbm one, barely "team uploading" something that wasn't under team maintenance at all.
I also upload a lot of NMUs, when I don't just care about what the maintainer says, if he doesn't reply at all.
Also lirc has been a complete hijack, where upstream did months of work, and the current 0.9.0~pre was completely messed up between Debian and Ubuntu, with people complaining to upstream because of it being out-of-date.
I helped the adopter (upstream) bringing the package into a suitable and uploadable state, after doing the work in Ubuntu (where reverting/adopting/changing is a lot easier), and when I got enough confidence, I did upload it on unstable.
It has been a lot of work, over the years, and a lot of time I have felt the confidence that moving on, without maintainer consent, was better for everybody (maybe except him), and this is what I cared most, our userbase.
I feel, after all the uploads above, that Debian, and upstream (for such packages) is in a really better state, with less bugs and less divergency from other distro and derivatives (that often tends to be more up-to-date because forwarding new packages to Debian is difficult for our policy).
Fortunately, due to a mix a lot of stuff, I *never* have been accused of breaking stuff, and I promptly acted to fixup new bugs in case somebody pointed out them at me
(ucspi is a sad example, where I did NMU but found time/skills to change and fixup the mess only 5 days ago).
Sometimes we do mistakes, I have been probably lucky to not break too much things in my work, but I'm also happy nobody took an upload *that* seriously, and together we always found a way to fixup stuff.
(that said, I don't want to go deep in your case, I don't want to read all the mess, and I'm sorry if you felt bad for the upload, I hope now it is everything happy again wrt your package.)
An hijack is a failure for the maintainer, the uploader, the sponsor and the adopter (and for this, I'm sorry for your feelings being hurt!).
But we live in real world, where people have dailywork, and not much time to bother folks in a lot of times (back to 2014, I used to find people over irc, phone, alternative emails, linkedin and other services, now I really can't try to contact them if they don't reply).
I really hope your revert will make you feel better and don't feel sad anymore for your package being stolen.
Keep up the good work, I hope to see you continuing your contributions of both Debian and Ubuntu!
cheers,
Gianfranco
Reply to: