[Dev] [consensus][due: 2016-10-20] Quarantine for unsecured unmaintained packages

Alejandro Hernández alejandrohp at openmailbox.org
Tue Oct 4 22:31:22 GMT 2016


On 2016-10-04 22:34, fauno wrote:
> maybe you can devise a shell script that informs when a package hasn't
> been updated for some time?  it would be a matter of parsing pacman -Si
> output (or the database directly)
> 
> Alejandro Hernández <alejandrohp at openmailbox.org> writes:
> 
>> Hi,
>> 
>> I was using 'Icecat' for 4 months. I wrote an email to the developer
>> and I was answered that icecat is not maintained nowadays and it has
>> multiple vulnerabilities. But 'icecat' is available for users in
>> 'libre repo'.
>> 
>> Is there a way to put non-secure or unmaintained packages into
>> quarantine?
>> An unmaintained package with security problems could be in another
>> "(quarantine) repo". Or whatever, but not be (temporarily) available by
>> default for users.
>> 
>> 🤔
>> 
>> Thanks,



'pacman -Si' reports the date the package was built by the Parabola team.
Maybe with an external script...


But I'm talking about what to do with detected unsecured (long time)
unmaintained packages. I mean packages without updates that have known
security vulnerabilities. (Like 'icecat' nowadays)
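
The check suggested in the quoted message, as an added example that is not part of the original thread: a shell function that reads `pacman -Si` output and lists packages whose Build Date is older than a threshold. It assumes `LC_ALL=C` output (dates such as `Sat Mar 14 12:00:00 2015`) and GNU `date`; the function names and sample records are constructed. Build Date is when the distribution built the package, so this flags stale builds, not packages with known vulnerabilities.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes LC_ALL=C pacman output and
# GNU date for `date -d`.
# Assumed usage: LC_ALL=C pacman -Si | stale_packages 365

# stale_packages MAX_AGE_DAYS [NOW_EPOCH]
# Reads `pacman -Si` text on stdin and prints "name age_days" for every
# package built more than MAX_AGE_DAYS ago. NOW_EPOCH defaults to now.
stale_packages() {
    max_days=$1
    now=${2:-$(date -u +%s)}
    # Reduce each record to "name<TAB>build date".
    awk -F' *: ' '
        $1 == "Name"       { name = $2 }
        $1 == "Build Date" { sub(/^[^:]*: /, ""); print name "\t" $0 }
    ' |
    while IFS="$(printf '\t')" read -r name built; do
        # Report dates we cannot parse; never treat them as fresh silently.
        ts=$(date -u -d "$built" +%s 2>/dev/null) || {
            echo "unparsed build date for $name: $built" >&2
            continue
        }
        age=$(( (now - ts) / 86400 ))
        if [ "$age" -gt "$max_days" ]; then
            printf '%s %s\n' "$name" "$age"
        fi
    done
}

# Constructed sample records in the `pacman -Si` layout (hypothetical packages).
sample_si() {
    cat <<'EOF'
Repository      : libre
Name            : example-old
Version         : 1.0-1
Build Date      : Sat Mar 14 12:00:00 2015

Repository      : libre
Name            : example-fresh
Version         : 2.3-1
Build Date      : Thu Sep  1 08:30:00 2016
EOF
}
```
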



