
Re: Validating tarballs against git repositories



On 29/03/24 at 23:29 -0700, Russ Allbery wrote:
> The sad irony here is that the xz maintainer tried to do exactly what we
> advise people in this situation to do: try to add a comaintainer to share
> the work, and don't block work because you don't have time to personally
> vet everything in detail.  This is *exactly* why maintainers often don't
> want to do that, and thus force people to fork packages rather than join
> in maintaining the existing package.

Yes. In that specific case, the original xz maintainer (Lasse Collin)
was socially pressed by a likely fake person (Jigar Kumar) to do the
"right thing" and hand over maintenance.

https://www.mail-archive.com/xz-devel@tukaani.org/msg00566.html

I wonder if "Dennis Ens" is also a fake person. In retrospect, that
email looks suspicious:

On 2022-06-21 Dennis Ens wrote:
> Why not pass on maintainership for XZ for C so you can give XZ for
> Java more attention? Or pass on XZ for Java to someone else to focus
> on XZ for C? Trying to maintain both means that neither are
> maintained well.

Lucas

