search

lbellonda / qxmledit

QXmlEdit XML editor. Downloads: https://sourceforge.net/projects/qxmledit/files
http://qxmledit.org
Other
160 stars 46 forks source link

Looking for maintainer for QXmlEdit snap before the end of March 2021 #77

Closed frederickjh closed 2 years ago

frederickjh commented 3 years ago

I am looking for a maintainer to take over the QXmlEdit snap project frederickjh/qxmledit that is making the snap of this project QXmlEdit.

I plan to literally move halfway around the world this year. In this new location my connection to the internet may not be the best. I will not have time to dedicate to this project. Instead of letting it fall into disrepair or get security holes I am looking for a maintainer to take over the project before I close it down.

Currently, I mostly just do the the builds for security updates in packages included in this snap. After the initial coding of the snap we have had two issues. On both the maintainer of the QXmlEdit project @lbellonda helped find solutions.

We are now approaching 1900 users of the snap of QXmlEdit.

If a new maintainer does not step up by the end of March 2021 I will remove the QXmlEdit snap from the snap store and archive the project on GitHub.

Anyone interested in taking over maintaining the snap should respond to the open issue regarding this on the Github project for the QXmlEdit snap.

frederickjh commented 3 years ago

image

frederickjh commented 3 years ago

image

Still looking for a new maintainer.

frederickjh commented 3 years ago

image

frederickjh commented 3 years ago

image

frederickjh commented 3 years ago

We are now half-way through March. So far no one has express an interest in taking over the QXmlEdit snap. Currently it needs less than 100 more users to reach the 2000 users mark.

I will not post until the end of the month when I will disable it in the Snap Store and archive the repository on Github, unless someone steps forward to take over its maintenance.

image

frederickjh commented 3 years ago

@lbellonda I have someone interested in taking over the snap, but I am not sure as they do not plan to update the snap as packages in the snap have security updates come out. This means that until you would push a new release none of the security updates would git added to the snap. See his comments on this issue. I need to research this myself. Any thoughts?

frederickjh commented 3 years ago

@lbellonda I looked into collaboration. It is possible to create a brand/umbrella account for QXmlEdit then add collaborators accounts to the brand/umbrella account. This would allow QXmlEdit to take over the snap so that you and any other collaborators could fire of a build to get new Linux packages that have security updates online at snapcraft.io in the online interface. However if there are ever any issues the possible maintainer could jump in to help fix any issues that arrive with the snaps code. Let me know if this is something you would be interested in.

frederickjh commented 3 years ago

Docs on creating snapstore brand

lbellonda commented 3 years ago

Hello, right now I am following this project and it is difficult to find the time to be responsible for other projects as well.

frederickjh commented 3 years ago

@lbellonda Thanks for getting back to me. You addressed the question of having time or not having time to maintain the QXmlEdit snap.

What you did not address is the way the new maintainer plans to not update the snap when security updates come out for packages included the snap with QXmlEdit. These security updates to packages would only be done when the QXmlEdit project makes a release of a new version, which is currently about twice a year. Are you OK with this?

If you are OK with that then I will go ahead and work on transferring the snap to the new maintainer.

If you are not OK with this, then I can unpublish the snap in the snap store shutting it down. This will reserve the namespace, which I can transfer at a later time to you or a new maintainer. If I delete it then there is no stopping anyone from forking my archived repository on Github and then publishing the snap under the same name in the Snap Store right away.

I know that you don't endorse any packaging of QXmlEdit that you don't do, so maybe this doesn't matter to you one way or the other, however as the upstream maintainer I want to ask before moving froward. Saying it does not mater to you is also an acceptable response too.

Thanks in advance for your input on this! Frederick

frederickjh commented 3 years ago

The email below was in my email inbox this morning. These email will be ignored by the potential new maintainer. @lbellonda if I don't hear back from you in the next week on your thoughts on the new potential maintainers policy of not updating the QXmlEdit snap for these security updates in packages snapped with QXmlEdit. I will not turn over the QXmlEdit to the potential new maintainer and remove it from the snap store.

Subject: qxmledit contains outdated Ubuntu packages From: Snap Store To: Frederick A scan of this snap shows that it was built with packages from the Ubuntu archive that have since received security updates. The following lists new USNs for affected binary packages in each snap revision:

Revision r399 (amd64; channels: stable, candidate, beta, edge)

  • libhogweed4: 4906-1
  • libnettle6: 4906-1

Revision r400 (s390x; channels: stable, candidate, beta, edge)

  • libhogweed4: 4906-1
  • libnettle6: 4906-1

Revision r401 (i386; channels: stable, candidate, beta, edge)

  • libhogweed4: 4906-1
  • libnettle6: 4906-1

Revision r402 (arm64; channels: stable, candidate, beta, edge)

  • libhogweed4: 4906-1
  • libnettle6: 4906-1

Revision r403 (ppc64el; channels: stable, candidate, beta, edge)

  • libhogweed4: 4906-1
  • libnettle6: 4906-1

Simply rebuilding the snap will pull in the new security updates and resolve this. If your snap also contains vendored code, now might be a good time to review it for any needed updates.

Thank you for your snap and for attending to this matter.

References:

lbellonda commented 3 years ago

Hello, at the moment I cannot commit to being the maintainer of other packages.

I would like to thank you for the work you have done so far and for the time you dedicate to this project.

frederickjh commented 3 years ago

Dear QXmlEdit users,

The QXmlEdit snap is no longer maintained and most recently released version 0.9.16 already contains packages that have security updates. Please see the QXmlEdit Info and Download page for how to install from another source.

I am sorry to the almost 2000 current user of the QXmlEdit snap, but I am unable to continue maintaining it nor was I able to find a maintainer that would also update for security releases in packages included the snap.

If anyone is interested in becoming the QXmlEdit snap maintainer contact me. You can do this via Github. The QXmlEdit snap repository has now been archived on Github. The snap has been marked private and all channels closed. No new updates will be made nor will new installs nor re-installing in be possible.

Sincerely,

Frederick Henderson Former QXmlEdit Snap Maintainer

Mailaender commented 2 years ago

I propose https://github.com/flathub/flathub/pull/3071 as an alternative. Flatpak is a widely accepted counterpart to snap.

frederickjh commented 2 years ago

@Mailaender You can propose all you want. I have no interest or time to continue with the Snap nor develop a Flatpak. You are welcome to do it, if so inclined. March 2021 has long pasted and no one has come forward to take up the project so I am closing this issue.