EPEL Orphaned packages with vulnerabilities

Till Maas opensource at till.name
Mon Aug 11 17:46:23 UTC 2014

On Mon, Aug 11, 2014 at 04:58:17PM +0200, Karel Volný wrote:

> >In response to that I closed all the tickets that were still open for
> that
> >package.
> I just wonder, if these had been opened for three years, why there was so
> great urgency to close the bugs now, immediately?

There is now a security initiative to handle the outstanding security

> >Perhaps you can un-retire the package(s) and maintain them?
> why should I fix things *you* broke?

Please calm down. If the package and its dependencies should stay in
EPEL, they need to be maintained. So if you would like to have the
package in EPEL, you need to find a maintainer or maintain it.


More information about the epel-devel mailing list