Subject: Re: removing vulnerable packages vs. marking them BROKEN
To: Thomas Klausner <>
From: Greg A. Woods <>
List: tech-pkg
Date: 07/15/2002 15:10:42
[ On Monday, July 15, 2002 at 18:42:15 (+0200), Thomas Klausner wrote: ]
> Subject: Re: removing vulnerable packages vs. marking them BROKEN (was: CVS commit: doc)
> On Mon, Jul 15, 2002 at 12:32:41PM -0400, Greg A. Woods wrote:
> > > Removed gnut [vulnerable and no newer version available]
> > 
> > [[ that should be "net/gnut 0.4.20", right?  :-) ]]
> > 
> > (and there is a newer version available, 0.4.28 -- but presumably it's
> > still vulnerable)
> 0.4.28 is supposed to not be vulnerable. The homepage disappeared,
> though, and I didn't find a newer distfile than 0.4.27 (the last
> vulnerable version).

It's not exactly in the same place as it was (seems there might be a
symlink missing on the server).  The new link is here on this page:

The ChangeLog claims it's not yet released, but the above page says it
is (so I'd guess someone forgot to update the ChangeLog).

I don't know why Gnut is not on the
page any more -- I'd suggest the "HOMEPAGE" be changed to the above if
anyone reactivates and updates this package....

> In general, I'm not opposed to marking packages as BROKEN, but if they
> stay BROKEN for too long, I am for removing them completely since
> there obviously is not enough interest in keeping them around.

I can't disagree with that!  ;-)

								Greg A. Woods

+1 416 218-0098;            <>;           <>
Planix, Inc. <>; VE3TCP; Secrets of the Weird <>