Am 09.06.2011 um 14:08 schrieb Greg Troxel: > Generally, my opinion is to assess whether having the package removed is > in the best interest of pkgsrc users, keeping in mind finite effort on > the part of pkgsrc maintainers. Removing pacakges makes it harder to > update them later, while leaving a package at a slightly old revision > with known vulnerabilities causes almost no problems. And, removal > makes it harder for a user to choose to use the package anyway. Well, the question is: Does it make sense to use a package that not only has security holes which are not being fixed, but even has a new security hole almost each week? The problem is that the number of unfixed security holes only gets bigger. > You say that you're using it, but that it's "just not helping at all". > That seems inconsistent. Well, basically, I do make configure, patch it manually and then build it. However, with each update to a dependency of asterisk, I have to do that again, so it actually is more work than building asterisk without pkgsrc. > In this case, it seems jnemeth@ has updated to a newer upstream release > a few hours ago. Ah, cool. That helps. -- Jonathan
Attachment:
PGP.sig
Description: Signierter Teil der Nachricht