package (tinyca2) not longer present in F15, what to do about it?

Wed Aug 10 09:10:00 UTC 2011

-----Original Message-----
From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of Chris Adams
Sent: Tuesday, August 09, 2011 3:53 PM
To: users at lists.fedoraproject.org
Subject: Re: package (tinyca2) not longer present in F15, what to do about it?

Once upon a time, Stephen Gallagher <sgallagh at redhat.com> said:
> I should note, however, that tinyca2 development appears dead upstream.
> It last saw a release on July 25, 2006! So chances are good that it's no
> longer safe for inclusion in Fedora.

Why does "long time since last release" mean "no longer safe"?  Programs
don't have to change for the sake of change.
-----Original Message-----

Imho, I think different things are mixed up....

A) a very well designed piece of software I less likely to suffer from daily/weekly/monthly updates
And security patches or bug fixes might introduce new "side effects" themselves ;-)

B) Any program with a GUI have to move along, if your program uses an ancient version of qt/gtk1/php3/python/perl/you-name-it, their might come a time that those libs are not shipped anymore.

C) No maintainer means that no one simply looks _IF_ their might be issues. If it is still in (any) distro, it probably means that there were no errors during building/linking.

Specially with any package that is somehow related to security it would be comforting to be assured that at least some people take the trouble to have a look at it. The fact that without any changes it still works after all these years would not be enough for something like a CA.

So what to do about it? Move to something else or get it properly maintained.

hw

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.