EPEL Orphaned packages with vulnerabilities
Orion Poplawski
orion at cora.nwra.com
Wed Aug 6 21:48:14 UTC 2014
On 08/06/2014 12:32 PM, Eric H. Christensen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I just did a query of all the packages in EPEL that are currently orphaned and contain vulnerabilies. I'm wondering if any of them are still useful or if they can be removed from the repos. Here's the list:
>
big list deleted
Random thought - have a "remove-insecure-packages" package that obsoletes dead
packages with known vulnerabilities? People could perhaps exclude that
package from yum updates if they really want to keep old stuff around.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the epel-devel
mailing list