This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Do we need a new maintainer for fetchmail?

Am 30.11.2010 13:42, schrieb Corinna Vinschen:

> So, first I'd really like to get a word from you, Jason.
> If Jason is AWOL for a longer period of time (which I doubt, since he
> was still active on the cygwin list early November), then we can talk
> about taking over maintainership, if that's an option for you.

Dear Corinna, *,

Taking over is not really an option for me, as I don't mean to commit to
Cygwin-related projects, or take maintainership from anyone (including Jason).
I also don't want to become YAMWHTLT (yet another maintainer who has too little

In this particular case, I've attempted to deal with end user pain that surfaced
on the fetchmail-users@ list.  There have been more than 60 bug fixes to
fetchmail 6.3.18 since 6.3.9, and I've mentioned the vulnerabilities.
CVE-2009-2666 is quite serious, it can betray passwords.  The authentication
issue (EN 2010 03) is also quite impractical, it harms interaction with newer
Exchange 2007 and 2010 versions.  CVE-2009-2666 has been fixed for long.

Just to explain my background a bit more, and acknowledging the differences
between projects -- in FreeBSD third-party ports, there is a policy [1] that
developers ("committers", i. e. those with CVS write access) can perform minor
updates (such as patchlevel, bug fixes, ...) even without maintainer consent
after two weeks.  I wonder if it might be an option that Cygwin establishes
similar policies to deal at least with critical bugs in packages, or establishes
the concept of a "shared maintainer" or "also permitted to upload minor updates".

Best regards

[1] references:

Matthias Andree

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]