[Dev] [consensus][due: 2016-10-20] Quarentena for unsecured unmaintained packages
fauno
fauno at endefensadelsl.org
Tue Oct 4 20:34:23 GMT 2016
maybe you can device a shell script that informs when a package hasn't
been updated for some time? it would be a matter of parsing pacman -Si
output (or the database directly)
Alejandro Hernández <alejandrohp at openmailbox.org> writes:
> Hi,
>
> I was using 'Icecat' during 4 months. I wrote an email to the developer
> and I was answered that icecat is not maintained nowadays and it has
> multiple vulnerabilities. But 'icecat' is available for users into
> 'libre repo'.
>
> Is there a way to put into quarentena non secure or not maintained
> packages?
> Not maintained package, with security problems could be into another
> "(quarentena) repo". Or whatever, but not be (temporarily) available by
> default for users.
>
> 🤔
>
> Thanks,
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev
--
:>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20161004/831e1d82/attachment.sig>
More information about the Dev
mailing list