-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01.02.2013 14:47, Rich Freeman wrote: >> And how will you get to know about current or future security >> issues if nobody (in Gentoo) cares about the package? > The same way that you know about security issues in Firefox or > Chromium [...] Until somebody tells upstream about them you're > going to be vulnerable.
Indeed. In contrast to many of the packages that were mentioned in this thread, Firefox and Chromium have an active upstream, though. What do you think will happen to projects with a dead upstream? I think the answer is pretty simple: Nothing. Thus, your users' systems will remain vulnerable and you won't even know about it. Best regards, Wulf -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlELyXkACgkQnuVXRcSi+5q6UgCfQLgmYQkShYNu2bwokxzP32Fv FBEAoNz/qw2QRArkSUugGXgL3bII6zn9 =aboK -----END PGP SIGNATURE-----
