<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
<br>
<br>
</div>
<blockquote cite="mid:87a8egp1mj.fsf@endefensadelsl.org" type="cite">
<pre wrap="">Joshua Haase <a class="moz-txt-link-rfc2396E" href="mailto:xihh@riseup.net"><xihh@riseup.net></a> writes:
</pre>
<blockquote type="cite">
<pre wrap="">André Silva <a class="moz-txt-link-rfc2396E" href="mailto:emulatorman@riseup.net"><emulatorman@riseup.net></a> writes:
</pre>
<blockquote type="cite">
<pre wrap="">[ Unknown signature status ]
On 10/04/2016 07:31 PM, Alejandro Hernández wrote:
</pre>
<blockquote type="cite">
<pre wrap="">But I'm talking about what to do with detected unsecured (long time)
unmaintained packages. I mean packages without updates with security
vulnerabilities known. (Like nowadays 'icecat')
</pre>
</blockquote>
<pre wrap="">
We could move icecat to [libre-testing] until new version will be
released, what do you think guys?
</pre>
</blockquote>
<pre wrap="">
Agreed.
</pre>
</blockquote>
<pre wrap="">
testing is for new, possible unstable packages, not for old and
unmaintained.
i'd remove them or move them to [unmaintained]. there's lots of
unmaintained packages on [pcr] too...
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dev@lists.parabola.nu">Dev@lists.parabola.nu</a>
<a class="moz-txt-link-freetext" href="https://lists.parabola.nu/mailman/listinfo/dev">https://lists.parabola.nu/mailman/listinfo/dev</a>
</pre>
</blockquote>
<p>I agree that [libre-testing] isn't the place for old/unmaintained
packages.<br>
If a package has been completely abandoned upstream and a security
vulnerability has been found, it should probably just be removed.<br>
</p>
</body>
</html>