On Tuesday 25 October 2011 13:37:47 Will Stephenson wrote:
1) Quality and security. Despite the KDE:KDE3 maintainer's high degree of activity in packaging every KDE 3 app out there and adapting the KDE 3 platform to build on current distributions, it is a mistake to equate this with sufficient maintenance to ensure adequate code quality to include this in our distribution.
At least I am sure the code's quality did not decrease since the last KDE 3 release, don't you think so?
It may not have decreased relative to the state of the universe in 2008, but it is 2011 now and many external things have changed. For a concrete example consider changes to proprietary instant messaging protocols since then - I am quite sure that the kopete codebase is no longer as functional as it was in 2008.
There are no reports currently about any problems with kopete. There was broken Yahoo login, but this has been fixed by Kirill.
In addition, consider packaging quality. You now maintain, alone, 456 packages in KDE:KDE3, many more than were were maintained in 2008 by a team of 5 full timers in the KDE team at SUSE. And you now suggest maintaining GNOME 2. Unless you're Superman, packager effort per package has decreased since 2008, and with it packaging quality.
At least the packaging quality cannot be worse than that of 2008, agree? The KDE3 packages included in Factory either have the same specs as they had in 2008 or cleaned up ones.
The KDE 3 and Qt 3 codebases are massive, include code in all the worst places to have a vulnerability, have been essentially unmaintained for over 2 years now, and *include many known bugs and vulnerabilities that have only been fixed in the 4 releases*.
Good. Can you provide some links to the vulnerabilities bugreports or something related?
http://www.kde.org/info/security/ is a start. Nobody cares to systematically correlate bugs found and fixed in KDE 4 with KDE 3 any more though. Some maintainers have mass-closed their KDE 3 bugs. The Trinity bugtracker is mainly concerned with integration issues with recent Kubuntu releaeses. I occasionally get a CVE vs KDE 3 code which I fix, but there must be a lot of stuff getting by, simply due to the high degree of commonality of non-Plasma KDE3 and KDE4 code.
Thanks for the link. I will examine the issues, whether they affect KDE3 and whether we already have patches for them or the patch can be beckported. In some cases as I see there is already a ready KDE3 patch. But the list is not that extensive. There are totally 7 post-2008 issues in KDE overall and only 3 or 4 of them can potentially affect KDE3. Note that we already have several CVE post-2008 patches which could be already fixing the issues.
Assurances that the project is now maintained upstream by the Trinity project are hollow; the Trinity group is only a handful of people, none of whom are the original maintainers or developers of the code,
This is also the case of KDE4. Who of the KDE4 team are the original developers of KDE 1 or KDE 2 ?
coolo, dirk, dfaure, ossi, rich, aseigo just off the top of my head (I contributed odd patches to KDE 2 but nothing major).
Well KDE2 was already out when aseigo joined, I do not know for others, but I heard that aseigo is one of the oldest developers. This is normal: the set of developers changes in any project, some people come in, and some go away.
Even Kurt Granroth is maintaining a KDE 4 version of kbiff. And the current KDE 4 maintainers who are new since 3 or 4 have continuity with the previous maintainers, which the Trinity people do not.
What does it mean? How a man who joined after KDE4 can have continuity from KDE3? Sorry, this is quite difficult to understand.
and most of their effort is spent on writing a Qt4 compatibility layer and in porting the build system to cmake, not maintenance.
I think it would be impossible to port the code to cmake without maintenance? Am I wrong?
Yes, you are. The code is largely independent of the build system. Occasionally a change of build system throws up things it the code that need fixing; broken inclusion guards, symbol visibility things, but fixing these does not mandate bug fixing. In addition, It would be insanity++ to conflate general bugfixing work and porting to 'TQt' - neither would be done correctly.
Well if you suspect that Trinity people cannot do their work correctly, I can completely understand you. It is actually quite difficult to make such invasive changes. That's why Trinity is considerably less stable than our KDE3, which is again purely normal. Note that KDE4 is also less stable than KDE3, mostly also due to invasive changes.
In any case, the packages in KDE:KDE3 are based on 3.5.10 and only include some changes from the Trinity project's fork, which is now 3.5.12.
This is true. But we also include changes from other sources. There are many KDE 3 maintenance projects, associated with various distributions.
openSUSE Factory maintainers made an error of judgement to resume including KDE 3 packages while they demonstrably fulfil the latter 3 of our drop criteria [2], and marketing should not join them in this.
2) The message sent by a retrograde step. Being unique in a bad way is not good for the project.
I fail to see how having more users satisfied is bad. Can you elaborate this?
In answer to the rest of your points, what you suggest is placating a tiny minority of vocal 'Laggards' (http://en.wikipedia.org/wiki/Diffusion_of_innovations). This does not represent anything that will improve the image of openSUSE elsewhere. The harm caused to the project's image and the risks brought by shipping lots of crufty old code outweigh the benefit of indulging this group, who will neither promote openSUSE in gratitude nor will other groups come to openSUSE because the laggards are happy.
These absolutely unjustified claims about harm and that the people will not bring other people with them. Just some links where people ask for a KDE3 distribution and advised openSUSE: http://www.linux.org.ru/forum/linux-install/6763696?lastmod=1317508879383#co... http://www.linux.org.ru/forum/desktop/6570079?lastmod=1312501041995#comment-...
I have no objection to you continuing to offer KDE:KDE3 as an additional repository for this group.
Finally, if I may suggest a more useful way to please the diehards while making openSUSE unique: just port KDE 3 kdesktop and kicker to KDE 4, provide it as an alternate KDE 4 desktop shell in KDE:Extra.
Well, nothing bad with this idea except there should be people who can and will do so. Given that even elementary functions has been broken in KDE4 and still did not get repaired for years even in the applications that were ported to KDE4, I am quite sure that KDE4 team is either unable or unwilling to do so. On the other hand, as you know, Trinity does quite similar task by making KDE3's desktop compatible with Qt4. Anyway, as you know Qt5 will not include Qt3 support so there can be only two approaches: either use a compatibility layer as the Trinity team does or just rewrite all anew. Also note that Qt4 has significant, still unfixed, regressions compared to Qt3. Note also that there is much of KDE3 software that still was not ported to KDE4/Qt4 in either form. I suspect it's about 80% of all KDE3 software. Just for comparison, KDE:KDE3 has 460 packages (and this is far from total amount of KDE3 software), while KDE:Release:47 has only 250. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org