On Monday, 10 October 2016 at 11:07, Florian Weimer wrote:
> On 10/07/2016 06:43 PM, Dominik 'Rathann' Mierzejewski wrote:
> > I was made aware that EOL software with known security bugs that will
> > not be fixed upstream (due to EOL status) was reviewed and accepted into
> > Fedora recently.
> Fedora relies on EOLed components pretty much across the system (including
> critical security functionality), so one more such package really isn't the
> end of the world. I think new packages should not be held to tremendously
> higher standards than existing packages.
I think times have changed enough to warrant this at least for new
packages. I don't think it's acceptable to simply allow adding
known-to-be-vulnerable software to our package repositories without
additional review anymore.
Regards,
Dominik
--
Fedora
http://fedoraproject.org/wiki/User:Rathann
RPMFusion
http://rpmfusion.org
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"