This is the mail archive of the
mailing list for the Cygwin project.
Re: Do we need a new maintainer for fetchmail?
Am 30.11.2010 13:42, schrieb Corinna Vinschen:
> So, first I'd really like to get a word from you, Jason.
> If Jason is AWOL for a longer period of time (which I doubt, since he
> was still active on the cygwin list early November), then we can talk
> about taking over maintainership, if that's an option for you.
Dear Corinna, *,
Taking over is not really an option for me, as I don't mean to commit to
Cygwin-related projects, or take maintainership from anyone (including Jason).
I also don't want to become YAMWHTLT (yet another maintainer who has too little
In this particular case, I've attempted to deal with end user pain that surfaced
on the fetchmail-users@ list. There have been more than 60 bug fixes to
fetchmail 6.3.18 since 6.3.9, and I've mentioned the vulnerabilities.
CVE-2009-2666 is quite serious, it can betray passwords. The authentication
issue (EN 2010 03) is also quite impractical, it harms interaction with newer
Exchange 2007 and 2010 versions. CVE-2009-2666 has been fixed for long.
Just to explain my background a bit more, and acknowledging the differences
between projects -- in FreeBSD third-party ports, there is a policy  that
developers ("committers", i. e. those with CVS write access) can perform minor
updates (such as patchlevel, bug fixes, ...) even without maintainer consent
after two weeks. I wonder if it might be an option that Cygwin establishes
similar policies to deal at least with critical bugs in packages, or establishes
the concept of a "shared maintainer" or "also permitted to upload minor updates".