[csw-users] Security Vulnerabilities in Samba.

Jeremiah Johnson jeremiah.johnson at gmail.com
Fri Jul 20 18:47:04 CEST 2007

On 7/20/07, Alessio <a.cervellin at acm.org> wrote:
> Jeremiah Johnson wrote:
>  > The stable branch is supposed to be updated only every 3 months, and
>  > unstable constantly, but I'm not seeing any visible action in unstable
>  > with regards to samba.
> indeed unstable is updated constantly and frequently, but sometimes it
> happens a package is being abandoned by its maintainer (or even worst
> himself abandon the blastwave community) without posting us any notice
> about this decision.
> we are thinking about some automated system to detect whether a
> maintainer is still "active" or not, so that we are alerted when a
> package is "abandoned".

As far as automated, just define some rules.

If a package is not updated in stable in two release cycles (6 months)
then you could either consider it abandoned, or buggy.  Looking at the
unstable tree and the bug tracker would let you know which of these
two possibilities you're looking at.

You may want to consider implementing a secondary maintainer for
packages.  This secondary maintainer wouldn't be in charge of the
package, but could assist and should be on any mailing list related to
the package.  If the primary maintainer is too busy, or leaves then
the secondary maintainer could take over as the new maintainre or
temporarily until a new maintainer is found.  The idea here is to have
somebody else that knows about the package, so there isn't a loss of
knowledge when a maintainer is lost.


More information about the users mailing list