EPEL Orphaned packages with vulnerabilities
Karel Volný
kvolny at redhat.com
Thu Aug 14 09:54:59 UTC 2014
Hi,
...
> There is now a security initiative to handle the outstanding security
> bugs.
that's cool that somebody cares
however, do you really think that users will appreciate this way of
handling the bugs, i.e. removing important libraries instead of patching
them?
>>> Perhaps you can un-retire the package(s) and maintain them?
>>
>> why should I fix things *you* broke?
>
> Please calm down. If the package and its dependencies should stay in
> EPEL, they need to be maintained.
probably my Google is broken, but I cannot find where this is set in stone?
I've always thought that it works in the way that if a package gets orphaned,
it simply won't make it into the next version of the distribution, not that it
should get removed from the current version, causing regressions for users
...?
> So if you would like to have the package in EPEL, you need to find
> a maintainer or maintain it.
sorry, I just don't follow your logic
it wasn't me who did the action - why should I undo it?
K.
--
Karel Volný
QE BaseOs/Daemons Team
Red Hat Czech, Brno
tel. +420 532294274
(RH: +420 532294111 ext. 8262074)
xmpp kavol at jabber.cz
:: "Never attribute to malice what can
:: easily be explained by stupidity."
More information about the epel-devel mailing list