Found bug in port but maintainer unresponsive

Hello,

I found two simple bugs in a port. The ports pkg-descr points to a GitHub repository where the port is developed. I filed two issues there along with the description of the problem and a possible solution (patch) 10 months ago. I also sent an email to the developer which is also the maintainer (as per Makefile) of the port. As I got no response I resend this email in May, August and October. Now I don't expect an answer anymore.

What should I do next?
 
Dear honk,
I think you have done your best. May be you post the link to the problem report. Then the forum users can have a look as well. It would be a pitty if your effort would have been in vain.
 
Thanks for you reply!

I'm not sure if it is a good idea to provide the name of the port or a link to the repository here, because I don't want to blame the developer/maintainer. If someone is able to help I cold provide those information in a personal message.

Is there an "official" way or procedure to handle such cases?
 
Is there an "official" way or procedure to handle such cases?

To report a maintainer-timeout, set maintainer-feedback to timeout so everyone can see that there is a maintainer-timeout.

Example:
1607193514553.png
 
  • Maintainer seems to have changed their email address a while (> 1 year) ago, PR 238336. Sure you wrote to the correct one?
  • Anyways, this software looks – is inactive still a word here? (Ok, gotta be careful, I have projects without commits in years as well)
  • Option 1: Add another comment on bugzilla
  • Option 2: Ask for assistance on freebsd-ports@ mailing list
  • Option 3: Ask for assistance on IRC (freenode #freebsd-ports or EFnet #bsdports)
 
I get the impression email validation isn't performed.

i.e. if developer then 6 monthly email "are you alive" if no verification in 2 weeks flagged for follow up.

Then, all maintainer files must match a verified address or substituted to some stand in.
 
Maintainer seems to have changed their email address a while (> 1 year) ago, PR 238336. Sure you wrote to the correct one?
I saw this before and tried to contact the maintainer on the old, the new and the private address.


Anyways, this software looks – is inactive still a word here?
It's a simple tool without a need for permanent updates of any kind just to make it look "active".


I tried to set a "maintainer-timeout" as Alexander88207 proposed, but I'm not sure if I did it correctly.
 
I recently contacted the Maintainer, sunpoet, of security/nettle directly by the email address provided. He got it fixed and submitted in time to address the vulnerability I reported before the ports tree business.

Then he replied to apologize for not getting back to me sooner because he was swamped with work. I thanked him personally and for everybody here.

I believe he used to Maintain Weatherspect which I reported independently to him about not working right. He responded quickly to that, but changes made it impossible to keep it in a working condition so it was pulled.
 
Trihexagonal: Sorry, I don't understand what you are trying to say in the context of this thread.

In the meantime someone took over my bug reports and commited the fixes to the ports tree. So the bugs should be fixed. Sadly the result is a patch in the ports system and not a fixed version in the originating git repository. But okay. Thanks everyone for the support!
 
Trihexagonal: Sorry, I don't understand what you are trying to say in the context of this thread.
I relayed how I contacted the Maintainer of security/nettle directly by the email address provided and not only was he quick to respond and get the port fixed in time for the temporary freeze, he emailed me apologizing it took him so long to get back with me because he was swamped with work.

That it was the second port I had reported a problem with to him and he was quick to react both times.
 
Coincidentally (unless this was you on the mailing lists), there was a recent discussion about this:

Subject: security/luasec maintainer not responding
Date: Thu, 29 Apr 2021 19:42:35 +0200 (CEST)

> Second: how do you deal with this situation in general? I think I've asked
> this question before, but the results were somewhat inconclusive. When is
> a port considered unmaintained despite formally having a maintainer and
> how do you either mark it as unmaintained or assign a new maintainer with
> the least amount of work for anyone involved?

1. Submit patch to change MAINTAINER of the port in question.
2. Wait for timeout (for about a month).
3. Ask committers for commiting the patch.
 
Back
Top