[Dev] [consensus][due: 2016-10-20] Quarentena for unsecured unmaintained packages
alejandrohp at openmailbox.org
Tue Oct 4 22:31:22 GMT 2016
El 2016-10-04 22:34, fauno escribió:
> maybe you can device a shell script that informs when a package hasn't
> been updated for some time? it would be a matter of parsing pacman -Si
> output (or the database directly)
> Alejandro Hernández <alejandrohp at openmailbox.org> writes:
>> I was using 'Icecat' during 4 months. I wrote an email to the
>> and I was answered that icecat is not maintained nowadays and it has
>> multiple vulnerabilities. But 'icecat' is available for users into
>> 'libre repo'.
>> Is there a way to put into quarentena non secure or not maintained
>> Not maintained package, with security problems could be into another
>> "(quarentena) repo". Or whatever, but not be (temporarily) available
>> default for users.
>> Dev mailing list
>> Dev at lists.parabola.nu
'pacman -Si' informs about the compilation date by Parabola team. Maybe
with an external script...
But I'm talking about what to do with detected unsecured (long time)
unmaintained packages. I mean packages without updates with security
vulnerabilities known. (Like nowadays 'icecat')
More information about the Dev