#1466 non-responsive maintainer exception process for skottler
Closed None Opened 6 years ago by nb.

= phenomenon =
Several CVEs exist for nagios-plugins; skottler has not been responsive in fixing them.

= background analysis =
https://bugzilla.redhat.com/show_bug.cgi?id=1114841
https://bugzilla.redhat.com/show_bug.cgi?id=1098548
https://bugzilla.redhat.com/show_bug.cgi?id=1098531

Many attempts have been made to contact skottler on the above bugs and via email. Scott Wilkerson from upstream Nagios is willing to (co)maintain the package. I, as well as Major Hayden, have agreed to help him with this, and I have agreed to sponsor him into the packager group.

= implementation recommendation =
Reassign nagios-plugins to swilkerson (after I sponsor him into the packager group), and add myself and mhayden as comaintainers.


I'm +1 to having upstream maintaining this package.

It appears skottler has returned, responding to this thread:

https://bugzilla.redhat.com/show_bug.cgi?id=1098548#c16

However I would still appreciate this being left to discuss at the next FESCo meeting taking into consideration the points I made here:

https://bugzilla.redhat.com/show_bug.cgi?id=1098548#c19

And more, skottler fueling drama, claiming Nagios Enterprises is trying to make a "hostile takeover" of the package:

https://twitter.com/samkottler/status/625767271995174912

To reiterate, David Cafaro from the Fedora Security Team reached out to me asking if I would be willing to help get these security fixes into the package. Not a "hostile takeover" as skottler is proclaiming.

AGREED: jwb to talk to maintainer and work out some mutually agreeable solution (+5,0,0) (nirik, 18:54:06)

The original tickets have not had any update and remain unpatched.

Replying to [comment:6 dcafaro]:

> The original tickets have not had any update and remain unpatched.

We're aware of that.

I've been in contact with Sam but things are progressing slowly.

From today's FESCo meeting:

14:32 < paragan> #agreed: jwb to commit and build the 2.0.3 update to fix the CVEs (+8, 0, 0)

  • AGREED: Revisit this next week (+5, 0, -0) (sgallagh, 18:06:06)

Please remember that this non-responsive maintainer issue also affects this security bug which wasn't linked to in the original FESCO ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1098549

It's still in need of a patch.

Replying to [comment:10 dcafaro]:

> Please remember that this non-responsive maintainer issue also affects this security bug which wasn't linked to in the original FESCO ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1098549
>
> It's still in need of a patch.

I believe that is incorrect.

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7535

Kevin filed the epel update 14 days ago.

Ah, thank you, I was unaware of that update. It appears they linked it against the fedora-all ticket and not the epel-all ticket.

Sorry about that. I think I have edited the epel update to point to the correct bugs now.

Testing welcome.

All packages will be orphaned if there is no status update from skottler by 2015-08-31 12UTC.

Done. Packages orphaned:

{{{
user: kevin changed point of contact of package: erlang-js from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-js from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-mochiweb from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-mochiweb from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_api from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_api from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-cluster_info from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-cluster_info from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-sext from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-sext from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-poolboy from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-poolboy from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-eper from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-rebar from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_control from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: cppunit from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: erlang-riaknostic from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riaknostic from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_pb from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_pb from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-basho_metrics from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-basho_metrics from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-eleveldb from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-eleveldb from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_kv from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_kv from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: rubygem-minitest from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: rubygem-minitest from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-bear from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-bear from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-folsom from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-folsom from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_client from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_client from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_sysmon from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_sysmon from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-mustache from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-mustache from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-basho_stats from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-basho_stats from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-protobuffs from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-protobuffs from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_core from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-merge_index from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-merge_index from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-getopt from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-getopt from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-bitcask from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-bitcask from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_err from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_err from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: riak from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-ebloom from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-ebloom from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-rpm-macros from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-rpm-macros from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_search from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_search from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_pipe from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-lager from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-lager from: skottler to: orphan on branch: epel7
}}}
