How does a package become orphaned? (was Re: Attn maintainer: python-paramiko)
Chad Dougherty
crd@acm.org
Fri Nov 4 13:05:49 GMT 2022
On 2022-11-04 08:34, Jon Turney wrote:
> The second is not so clear: A package is orphaned if it's maintainer
> is not responsive to queries as to if they still want to be the
> maintainer of the package.
>
> It's undefined how many times we should ping, or how long we should wait
> for a response, but I think that the ~10 months that's elapsed here is
> more than enough!
>
If the prospective adopter is also proposing an update that addresses
security vulnerabilities in the old package, I suggest that that, and
the severity and impact of those vulnerabilities be factored into the
timeout decision.
--
-Chad
More information about the Cygwin-apps
mailing list