Re: Beecrypt retired

Patrice Dumas wrote:
On Thu, Mar 13, 2008 at 12:33:17AM -0500, Toshio Kuratomi wrote:
There's some basis for Jef's argument in the "Fedora is not a dumping ground for old, unmaintained software" philosophy. OTOH, the line between no upstream, a little upstream activity, and maintained by the Fedora Packager could get blurry here. So if we're planning on proposing some actual guidelines regarding what is an appropriate level of upstream activity to consider a package for Fedora, a conversation about this is *definitely* needed.

This comes up now and then. Some packages are completely unmaintained, but
also completely stable and don't need an upstream maintainer anymore, so
that maintaining them in fedora is right.

This may be OK for some types of packages, but crypto has challenges of its own. There are constantly new attacks published against existing crypto implementations. These attacks are not necessarily 'bugs' in the implementation, per se (not the same way a stack overflow or an uninitialized variable is a bug -- even if it's latent), but improvements in the state of the art of cryptanalysis. Any crypto code without a very active upstream tracking these issues will very quickly atrophy and become vulnerable.

bob

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
