On Wed, 12 Apr 2006, Nils Breunese (Lemonbit Internet) wrote:
But Red Hat maintained packages will probably be updated, while the legacy
packages may not. The question is whether legacy should do update the FL
maintained package or say: "This has nothing to do with security so we won't
fix it". I believe some people on this least agree this could be a slight
security issue (at a stretch), i.e. when whois is used for automated lookups.
Let me put a challenge for you guys.
If I see work on jwhois src.rpm packages AND at least one another
NEEDSWORK package [1], for all the relevant distributions [2], I would
probably consider evaluation these under publish criteria.
But unless a proponent of the update actually steps up to do the work
(and some token work for some other Fedora Legacy updates), I wouldn't
recommend anyone else from Fedora Legacy project to spend their time
on this. We have far too many, much more important packages still
sitting on the "needs packages" pile.
[1] http://netcore.fi/pekkas/buglist.html
[2] http://fedoraproject.org/wiki/Legacy/QASubmit
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list