I have a suggestion, not totally related.
It would be nice to have a tool which does the same thing as portaudit for FreeBSD.
This tool is simple: you launch it, and it lists which packages are vulnerable.
That way you don't need to wait for a package to be in -testing or in -stable to know whether there is a security issue.
It could improve tests also, because if the tool lists a package which is vulnerable, and it is in -testing and not yet in -stable, then more users will update it from testing.
I did not reply and created a new subject because I was not subscribed to the list.
Documentation:
freebsd.org/doc/handbook/security-portaudit.html
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel