[ On Monday, July 15, 2002 at 18:42:15 (+0200), Thomas Klausner wrote: ]
> Subject: Re: removing vulnerable packages vs. marking them BROKEN (was: CVS commit: doc)
>
> On Mon, Jul 15, 2002 at 12:32:41PM -0400, Greg A. Woods wrote:
> > > Removed gnut [vulnerable and no newer version available]
> > 
> > [[ that should be "net/gnut 0.4.20", right?  :-) ]]
> > 
> > (and there is a newer version available, 0.4.28 -- but presumably it's
> > still vulnerable)
> 
> 0.4.28 is supposed to not be vulnerable. The homepage disappeared,
> though, and I didn't find a newer distfile than 0.4.27 (the last
> vulnerable version).

It's not exactly in the same place as it was (seems there might be a
symlink missing on the server).  The new link is here on this page:

	http://www.gnutelladev.com/source/gnut.html

The ChangeLog claims it's not yet released, but the above page says it
is (so I'd guess someone forgot to update the ChangeLog).

I don't know why Gnut is not on the http://www.gnutelliums.com/linux_unix/
page any more -- I'd suggest the "HOMEPAGE" be changed to the above if
anyone reactivates and updates this package....

> In general, I'm not opposed to marking packages as BROKEN, but if they
> stay BROKEN for too long, I am for removing them completely since
> there obviously is not enough interest in keeping them around.

I can't disagree with that!  ;-)

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>