Re: [ACTION REQUIRED] Retiring packages for F-17

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/17/2012 09:54 AM, Stephen Gallagher wrote:

On Tue, 2012-01-17 at 02:21 +0100, Kevin Kofler wrote:

While that makes some sense, it was not my point. My point was that even if
the package has NO maintainer, as long as it works, it's still better than
no package at all!


Not true. A package that appears to work, has people using it, but has
no one maintaining it is likely to become a package that has exploitable
security issues.

I'm in favor of retiring unmaintained packages. At worst, it will
encourage someone to step up to re-add it if it is actually important.
I am more with Kevin on this one---absence of evidence of security is not evidence of absence of security. We should require actual manifestations of bit rot (bug reports, vulnerability records) before we consider abandoning packages. 



--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux