----- Original Message ----- From: "Kevin Kofler" <kevin.kofler@xxxxxxxxx> To: devel@xxxxxxxxxxxxxxxxxxxxxxx Sent: Saturday, October 8, 2016 3:13:10 PM Subject: Re: including EOL and vulnerable software in Fedora > * should not be necessary to run software, software for Python n.m usually > runs just fine with the newer n.m+1, Not really. >* in fact, have it as an explicit non-goal to package things against them, >* contain the priceless "No security fixes will be applied.", which is an > entirely unacceptable attitude: at the very least, if someone files a bug > report with an explicit CVE against your package, you are supposed to at > least TRY to backport the fix for that CVE, and ask for help if you fail. That is also not true. I encourage you and everyone who makes these claims to go read the tickets. If people's issues is just the CVE's, and then everything will be fine, we can go and fix all the CVE's discovered so far. The thing that people do not seem to understand here, is that these packages are not supported anymore upstream (as so many other packages in Fedora), and this is what is stressed out in the description of the packages. > These python[23][1-9] packages are entirely unnecessary and should go away ASAP. Again I suggest you read the tickets before making these assumptions. Charalampos Stratakis Associate Software Engineer Python Maintenance Team, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
