On Monday, 10 February 2020 at 15:56, Peter Robinson wrote: > > > > > > As long as it builds and functions, why remove it? > > > > > > > > > > Because it has lots of critical vulnerabilities and endangers > > > > > end-user devices. > > > > > > > > Please name a couple. Nobody has provided a single specific case > > > > of an unfixed security vulnerability affecting gstreamer 0.10.x > > > > yet. > > > > > > CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808, > > > CVE-2016-9807, CVE-2016-9445, CVE-2016-9446, CVE-2016-9447, > > > CVE-2016-9809 > > > > I asked for unfixed ones. All the above are fixed in RHEL7 and most > > are fixed in RHEL6 as well. Also most of them are low impact. So, > > where are all the critical ones that are not fixed? > > What's this got to do with RHEL? It means that the fixes are available and can be applied to Fedora package if necessary. I'm still waiting for someone to point out a specific *unfixed* *critical* vulnerability that some of the folks posting in this thread mentioned. Otherwise, I see no reason to prevent me or anyone else from keeping gstreamer 0.10 packages alive in Fedora. Regards, Dominik -- Fedora https://getfedora.org | RPM Fusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
