On Thu, Jan 19, 2012 at 03:30:50PM -0800, Adam Williamson wrote:
> On Sat, 2012-01-14 at 19:12 +0100, Kevin Kofler wrote:
> > Kevin Fenzi wrote:
> > > Keeping packages around with no maintainers or people handling their
> > > bugs is poor for everyone.
> >
> > Why? If I, as a user, really need a certain piece of software, I'd rather
> > have an unmaintained package than none at all! Worst case, I can't use the
> > package at all, in which case I'm still no worse off than with no package at
> > all!
>
> I disagree. The existence of a package triggers certain assumptions: the
> package will be maintained and keep working. That's the point of there
> *being* a package, after all. So if there's a package for something, I
> don't check for security updates for that 'something' myself. I figure
> the packager is doing that for me.
>
> So if I wind up with an unmaintained package installed, my security has
> just been reduced.

Do you have the numbers to prove that? Also note that not all packages
contain code. (I just found
leonidas-backgrounds-lion-dual-11.0.0-2.fc12.noarch on my machine. This
package is most certainly unmaintained. Oh my god, my machine is
insecure!)
D.