On Thu, 21 Aug 2014 16:52:37 +0200
Haïkel <hguemar@xxxxxxxxxxxxxxxxx> wrote:

> 2014-08-21 16:23 GMT+02:00 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx>:
> > On Thu, Aug 21, 2014 at 04:19:17PM +0200, Haïkel wrote:
> >> > (c) An orphaned package is not necessarily a risk ("security"
> >> > has been mentioned here ...). Just because it might be a risk
> >> > on rare occasions doesn't mean we have to throw out every
> >> > orphaned package. Security bugs can sit around in non-orphaned
> >> > packages too.
> >> You're right, but filtering packages that we could safely keep or
> >> not would require manual filtering (though it could be partly
> >> automated) We don't have enough manpower for that, unless a group
> >> wants to make a counter-proposal, I don't see a better way to
> >> solve that issue.
> >
> > Could we move these to an "at your own risk" separate repository
> > rather than deleting them, except for when we know that there's a
> > critical security issue?
> >
>
> Sounds reasonable to me, that might require adapting our
> infrastructure though.

This would be a tremendous amount of work from
releng/infrastructure/security-team for not much gain, IMHO.

kevin
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct