Jakub Moc <[EMAIL PROTECTED]> wrote: > Ciaran McCreesh napsal(a): > > | Screaming? WTF really. What's misleading about listing vulnerable > > | versions and asking for their removal? > > > > They can't be removed yet. Stop filing bugs telling people to do so. > > Eh? Why should I stop filing bugs about stale vulnerable cruft? Should > it stay in the tree forever (unless some $we_all_know_which_arch dev > wakes up by miracle and moves)?
How about cc'ing arches, which are affected by this? You still get your point across and maybe arches move it up their priority list if they see a removal "b/c of centuries old vulnerabilities". I'm happy with you reporting vulnerable ebuilds and request action on them. However, i agree with mips that breaking their deptree is bad. I know they're working really hard (keep in mind the machines they got) on getting things done. I still don't see the point of removing stable keywords from those ebuilds, though. I'd like to keep the p.mask for this, maybe with mips and other known to lag behind arches unmasking the ebuilds in question. (That would at least say "we're aware that these versions are vulnerable but can't upgrade yet") -- Regards, Matti Bickel Homepage: http://www.rateu.de Encrypted/Signed Email preferred
pgpVrHl38VSAl.pgp
Description: PGP signature
