EPEL Orphaned packages with vulnerabilities
kvolny at redhat.com
Thu Aug 14 09:54:59 UTC 2014
> There is now a security initiative to handle the outstanding security
that's cool that somebody cares
however, do you really think that users will appreciate this way of
handling the bugs, i.e. removing important libraries instead of patching
>>> Perhaps you can un-retire the package(s) and maintain them?
>> why should I fix things *you* broke?
> Please calm down. If the package and its dependencies should stay in
> EPEL, they need to be maintained.
probably my Google is broken, but I cannot find where this is set in stone?
I've always thought that it works in the way that if a package gets orphaned,
it simply won't make it into the next version of the distribution, not that it
should get removed from the current version, causing regressions for users
> So if you would like to have the package in EPEL, you need to find
> a maintainer or maintain it.
sorry, I just don't follow your logic
it wasn't me who did the action - why should I undo it?
QE BaseOs/Daemons Team
Red Hat Czech, Brno
tel. +420 532294274
(RH: +420 532294111 ext. 8262074)
xmpp kavol at jabber.cz
:: "Never attribute to malice what can
:: easily be explained by stupidity."
More information about the epel-devel