EPEL Orphaned packages with vulnerabilities

Orion Poplawski orion at cora.nwra.com
Wed Aug 6 21:48:14 UTC 2014

On 08/06/2014 12:32 PM, Eric H. Christensen wrote:
> Hash: SHA512
> I just did a query of all the packages in EPEL that are currently orphaned and contain vulnerabilies.  I'm wondering if any of them are still useful or if they can be removed from the repos.  Here's the list:

big list deleted

Random thought - have a "remove-insecure-packages" package that obsoletes dead 
packages with known vulnerabilities?  People could perhaps exclude that 
package from yum updates if they really want to keep old stuff around.

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com

More information about the epel-devel mailing list