On Fri, 31 Jul 2020 12:48:44 +0200, Tomasz Torcz wrote:

>   What about bringing old, possibly unmaintained library into Fedora?
> It may contain unfixed security bugs.  Not that I know of any, but it's
> a possibility.

1) First it would need to pass the review process. Submitter _and_
reviewer both ought to notice that it is "old, possibly unmaintained"
software. In case of a lib, there's also the related question of "what
will use this lib?". Later it will be "what still uses this lib?" and
"are there alternatives or a successor?".

2) Once a package has been included in the package collection, "old,
possibly unmaintained" software is sort of a grey area. There are
thousands of packages in the collection, "possibly" with undiscovered
security issues. For those that are known to contain major vulnerabilities
and are unmaintained (like wxGTK2), it may be necessary to remove a
package from the collection.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org