EPEL Orphaned packages with vulnerabilities

Till Maas opensource at till.name
Wed Aug 6 22:08:12 UTC 2014


On Wed, Aug 06, 2014 at 03:48:14PM -0600, Orion Poplawski wrote:

> Random thought - have a "remove-insecure-packages" package that obsoletes
> dead packages with known vulnerabilities?  People could perhaps exclude that
> package from yum updates if they really want to keep old stuff around.

In Debian oldstable there is a check-support-status script that shows
which installed packages are currently supported. IMHO this would be a
nice addition, maybe with a daily cron job that sends an e-mail or a yum
plugin that shows this when checking for updates. This is something I
would like more than removing packages automatically, since the package
is usually installed for a reason.

Regards
Till

