[Dev] [consensus][due: 2016-10-20] Quarentena for unsecured unmaintained packages

Luke g4jc at openmailbox.org
Fri Oct 7 21:47:56 GMT 2016




> Joshua Haase <xihh at riseup.net> writes:
>
>> André Silva <emulatorman at riseup.net> writes:
>>
>>> [ Unknown signature status ]
>>> On 10/04/2016 07:31 PM, Alejandro Hernández wrote:
>>>> But I'm talking about what to do with detected unsecured (long time)
>>>> unmaintained packages. I mean packages without updates with security
>>>> vulnerabilities known. (Like nowadays 'icecat')
>>> We could move icecat to [libre-testing] until a new version is
>>> released. What do you think, guys?
>> Agreed.
> Testing is for new, possibly unstable packages, not for old and
> unmaintained.
>
> I'd remove them or move them to [unmaintained].  There are lots of
> unmaintained packages on [pcr] too...

I agree that [libre-testing] isn't the place for old/unmaintained packages.
If a package has been completely abandoned upstream and a security
vulnerability has been found, it should probably just be removed.
