On Thu, 30 Jun 2016 22:51:51 -0400 Anthony G. Basile wrote:
> I'm going to ask the security team to please stop running around
> p.masking packages without acknowledgement from the maintainers.  I'm
> referring in particular to commit
> 135b94c85950254f559f290f4865bce8b349a917 regarding monkeyd.  Both of the
> cited "security bugs" were long fixed, and even if they were not, they do
> not merit masking because they were at best some information leakage
> with minor impact.  I have reverted that commit and would ask that
> security stop this practice.

Seconded here, the same applies to commit
61de68f69fdf7dd0aaa53303517c0e59738034c3, since the security issues
don't affect most popular use cases, and at least the first security
bug is fixed in [1]. Haven't tested the other bug, though.

The same applies to the tree-cleaners team. While their job is
very important, sometimes they are too hasty, like in commit
34181a1045d13142d959b9c894a46ddcebf3c512. If a package builds and
works fine and has no critical bugs open, the sheer fact that
upstream is inactive and the package has no maintainer is not a valid
reason to remove the package. The reason "are still sitting in ~arch"
is even less valid, since it is absolutely fine that a package never
makes it into stable (some people do not use stable at all).

[1] https://github.com/Mr-Dave/motion

Best regards,
Andrew Savchenko
