Re: [HEADSUP] Removing vulnerable packages
On Fri, Apr 01, 2011 at 11:24:10AM -0400, Greg Troxel wrote:
> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> > I think you misunderstood my intention.
> > I selected packages which have security issues for over 15 months
> > (probably much longer in some cases) _and_ which weren't updated in the
> > same timeframe. This is in my eyes a good indicator of packages in
> > which no one is seriously interested and for which an upstream might
> > not even exist any longer.
> > There is no point in keeping such packages in pkgsrc, since we're not
> > maintaining them.
> OK, that makes sense, but the notion of "these packages are obviously
> ancient and no one should be using them" did not come through to me in
> your message. It's the "vulnerable and not updated recently => presumed
> should be removed" logic that I object to.
Sorry I didn't make myself clearer in the first email.
> I didn't mean to speak up for the gdb package. I don't understand its
> purpose, as the in-tree gdb seems better for NetBSD.
Ok. Perhaps as a more modern gdb for older NetBSD releases, but
without a maintainer, that won't work.