On Thu, Jan 19, 2012 at 03:30:50PM -0800, Adam Williamson wrote:
> On Sat, 2012-01-14 at 19:12 +0100, Kevin Kofler wrote:
> > Kevin Fenzi wrote:
> > > Keeping packages around with no maintainers or people handling their
> > > bugs is poor for everyone.
> >
> > Why? If I, as a user, really need a certain piece of software, I'd rather
> > have an unmaintained package than none at all! Worst case, I can't use the
> > package at all, in which case I'm still no worse off than with no package at
> > all!
>
> I disagree. The existence of a package triggers certain assumptions: the
> package will be maintained and keep working. That's the point of there
> *being* a package, after all. So if there's a package for something, I
> don't check for security updates for that 'something' myself. I figure
> the packager is doing that for me.
>
> So if I wind up with an unmaintained package installed, my security has
> just been reduced.

Do you have the numbers to prove that?

Also note that not all packages contain code. (I just found
leonidas-backgrounds-lion-dual-11.0.0-2.fc12.noarch on my machine. This
package is most certainly unmaintained. Oh my god, my machine is insecure!)

D.