Conversation
github-actions
bot
added
10.rebuild-darwin: 0
|
I don't think you need to actively start dropping things that you are maintaining, while it would be better to have a committer as part of the maintainer, I think just building a network and having a committer that you can ask for a quick review is the better solution. |
ghost
requested a review
from 
ghost
added
the
1.severity: security
|
I don't intend to merge this PR nor blocking it. To improve the current situation, I started a discussion in #415695. (If any other commiter intend to merge, they should feel free) |
|
That's upto you, without any maintainer picking it up again, it will be dropped anyhow. |
|
I wish we could have a notice for users that packages might be dropped so they can sign up to be maintainers. Something that is merged in advance |
|
Ok so this PR is open for 10 days and the only maintainer wants out. I do not see a way forward, at least short term and despite the discussions going on in #415695, for a proper maintenance. Given that the nixpkgs requirements for security-critical fast-moving package are currently not met, I'm going to make what will likely be an unpopular decision and merge this by the end of the week. Side note: I took a look at upstream repo because I was curious of the privacy related changes. Over the past 2 years it seems to have been maintained by a single maintainer. I'm also a bit surprised by some of the changes, typically this one: https://github.com/uazo/cromite/blob/v137.0.7151.72-4ea840397d139bcaf3298a54a80a93d135f7dac7/build/patches/Use-BoringSSL-for-RandBytes.patch which appears to have been to "to overcome the lack of entropy for the internal generator in some android devices" but seems to be applied for all contexts nonetheless. |
We can already do that with some meta.knownVulnerabilities = [
''
Cromite is unmaintained in nixpkgs and will not receive any security-critical updates.
Feel free to start maintaining this package if you want to keep using this browser
vulnerability-free and if you are willing to donate some of your free time to nixpkgs.
''
];
I think it'll be fine... (no hate to uazo I think it's very admirable to maintain a chromium fork with such consistency) |
I wish we had a policy that prevents new maintainers from adding packages only to throw them away later. |
We have such policy in our contributing guidelines, but it's not like it matters in this case here. Not being aware of this as a committer is unfortunate, but whatever. Please consider reading those for once and stop interfering with this PR. |
wegank
added
the
12.approvals: 2
In the recent days I have shifted towards a more nixpkgs-review approach and I believe that is better as it shows whether all dependant packages are building fine and with error logs for those that have failed to build. |
|
Successfully created backport PR for |
github-actions
bot
added
the
8.has: port to stable
ghost
removed
1.severity: security
8 participants
the absence of any committers among its maintainers
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.