tech-pkg archive


Re: [HEADSUP] Removing vulnerable packages



On Fri, Apr 01, 2011 at 11:24:10AM -0400, Greg Troxel wrote:
> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> 
> > I think you misunderstood my intention.
> > I selected packages which have security issues for over 15 months
> > (probably much longer in some cases) _and_ which weren't updated in the
> > same timeframe. This is in my eyes a good indicator of packages in
> > which no one is seriously interested and for which an upstream might
> > not even exist any longer.
> >
> > There is no point in keeping such packages in pkgsrc, since we're not
> > maintaining them.
> 
> OK, that makes sense, but the notion of "these packages are obviously
> ancient and no one should be using them" did not come through to me in
> your message.  It's the "vulnerable and not updated recently => presumed
> should be removed" logic that I object to.  

Sorry I didn't make myself clearer in the first email.

> I didn't mean to speak up for the gdb package.  I don't understand its
> purpose, as the in-tree gdb seems better for NetBSD.

Ok. Perhaps as a more modern gdb for older NetBSD releases, but
without a maintainer, that won't work.
 Thomas

