Seth brings up an interesting issue. If we don't have people interested in fixing a package, then it will still be vulnerable. Should we keep track of this in bugzilla? Just create a bug and tag it NOOWNER. Or something like that? This way we don't give people the idea that everything is fixed security wise if you use FedoraLegacy.
Just a thought.
Please file the report with LEGACY keyword. Perhaps "NOPACKAGE" within the bug title until an actual package is posted at a later date.
Warren
