On 11/22/20 2:54 AM, Matěj Cepl wrote:
The way to fix the "it doesn't build" or "no one cares and it's way old" problem is to have a policy to evict packages that fall into those categories, define the policy and automate it.
So, the only bugs we are interested in is that the package is so broken it doesn't even build. Are there any other bugs we care about (and which would require updating)?
Yes, security bugs above a certain severity, bugs that cause data loss or applications using the lib to crash or bugs that mean the library no longer functions in the way it was designed to (you might be able to add 1-2 more things to that list). Often a new version might just be a couple of minor fixes that only fix issues that very few people might see or might only affect certain platforms, equally it might just add a minor feature few people care about. If no one is reporting having issues with the bugs or caring enough about the new features to do the update does the package really need updating? I say this from the perspective of someone who maintains a couple of SLE packages that haven't changed in 15-20 years (Serial modems don't change alot). -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B