EPEL Orphaned packages with vulnerabilities

[Eric H. Christensen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I just did a query of all the packages in EPEL that are currently orphaned and contain vulnerabilies.  I'm wondering if any of them are still useful or if they can be removed from the repos.  Here's the list:

couchdb - epel-all
ejabberd - epel-5
erlang - epel-5
horde - epel-all
libmodplug - epel-5 and epel-6
libupnp - epel-all
mantis - epel-5
maradns - epel-5
mediawiki - epel-5
mediawiki116 - epel-all
mod_wsgi - epel-5
moin - epel-5
openjpeg - epel-5
osc - epel-6
php-magpierss - epel-all
php-suhosin - epel-all
pki-common - epel-5
polipo - epel-all
python26-mod_wsgi - epel-5
python26-simplejson - epel-5
qemu - epel-5
revelation - epel-5
telepathy-gabble - epel-6
tigase-server - epel-all
torque - epel-all
wordpress-mu - epel-5
xinha - epel-5
zope - epel-5

Some of the vulnerabilities on these packages are quite serious.  I just don't know if any of these packages are still necessary and if they are how we can get them adopted and updated to remove the vulnerabilities.

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJT4nS8AAoJEB/kgVGp2CYvGcgL/3/GImrTGYkZSyPFWdXxJQ6e
4bzOXPzR0PTXoLanwrwTqTPUb0sWfanx4wOgVjSfjlnsS9oyNcDtH74tLJ6CWmBi
NsXQrQ4YPy+YZWrvePMJC7cRDfn7FOcMzdyOiZ28TdnS412IraK1gBwr2bOEZ239
HZSjLyI3TFgw7xfAuzIoZj0e5bzZlf/rFfjmXm3gE9le6CvCPsoCKPSqZNG6JB0H
h8KsLYGCuZYwpwm1MaHhlygH51dUUuooXnh5Pj143+T/vki8cldxkkjl5eRyepoY
mcRuDzLvtQI0MdwsRAENL/JS9RboI7gxE9wWLJHKRpxrmm6v6g2RwH7w7oWo2fv3
OnB40p3qbdhvOvXbT5ndpwawEkXGrqsn/fJIcWtCSB/wwQepDMjlI4vX0fkS9DUe
Ou6706mEXM6sEVh4IOFpGCq4jvsYphrWoFL+4fIdG9iVeG6QP+qeMpruTE5n8TaU
uYBPUPEp51tA4/kei/bQgeHLW2MKP53RvjArBPakNA==
=9Mbh
-----END PGP SIGNATURE-----