Hi, I'm going to ask the removal of the zoo archiver suite from Fedora Extras repositories. The existing zoo codebase is potentially insecure, and there is no one to audit it and coordinate fixes. This unfortunate situation haven't changed since the last CERT alerts, and the rushed fixes we used then. As far as I know zoo was never used in Fedora except as a pluggin in mail filters to uncompress zoo attachements and scan them. Needless to say the last thing you want when processing external uncontrolled input is old crufty orphaned unaudited code. If you need zoo for something please ping me and I'll give over maintainership to you. But please remember accepting the maintainership now implies doing the security audit zoo sorely needs, as I don't see how the package could be kept in Fedora repositories otherwise. If no one objects I'll go on with the orphaning and request for repository removal tomorrow evening (CET time) Regards, -- Nicolas Mailhot
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
