On Thu, Jun 07, 2018 at 05:13:06AM +0000, Tobias Urdin wrote:
> Just sliding in with my 2 cents which are off-topic to the discussion but...
>
> I've always found it fascinating why one would completely remove
> packages from official mirrors when the version is not supported anymore.
> There will probably always be somebody that might be looking for them,
> I've always had that feeling with RPMs compared to Debs.

Can you elaborate here on how RPMs are different to .debs?

What do you expect when you're installing these packages? Do you expect them to work? Do you expect they won't create a security issue? Do you want to be able to use them in production?

Is there a value in distributing something which doesn't work (anymore)?

What happens if there is an issue, or a distributed rpm contains a CVE? In that case, we'd actively distribute vulnerable software.

I always wondered why someone would ask for software with a vulnerability (or more).

This is to get expectations right[1]. It might look good at the beginning, but can turn bad quite quickly.

Matthias

[1] https://twitter.com/AwardsDarwin/status/1003934362403049472

--
Matthias Runge <[email protected]>

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham,
Michael O'Neill, Eric Shander
