Re: [HEADSUP] Removing vulnerable packages

To: Greg Troxel <gdt%ir.bbn.com@localhost>
Subject: Re: [HEADSUP] Removing vulnerable packages
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Fri, 1 Apr 2011 17:33:33 +0200

On Fri, Apr 01, 2011 at 11:24:10AM -0400, Greg Troxel wrote:
> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> 
> > I think you misunderstood my intention.
> > I selected packages which have security issues for over 15 months
> > (probably much longer in some cases) _and_ which weren't update in the
> > same timeframe. This is in my eyes a good indicator of packages in
> > which noone is seriously interested and for which an upstream might
> > not even exist any longer.
> >
> > There is no point in keeping such packages in pkgsrc, since we're not
> > maintaining them.
> 
> OK, that makes sense, but the notion of "these packages are obviously
> ancient and no one should be using them" did not come through to me in
> your message.  It's the "vulnerable and not updated recently => presumed
> should be removed" logic that I object to.  

Sorry I didn't make myself clearer in the first email.

> I didn't mean to speak up for the gdb package.  I don't understand it's
> purpose, as the in-tree gdb seems better for NetBSD.

Ok. Perhaps as a more modern gdb for older NetBSD releases, but
without a maintainer, that won't work.
 Thomas

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner
- Re: [HEADSUP] Removing vulnerable packages
  - From: Greg Troxel
- Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner
- Re: [HEADSUP] Removing vulnerable packages
  - From: Greg Troxel

Prev by Date: Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index