Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=518949 --- Comment #17 from Toshio Ernie Kuratomi <a.badger@xxxxxxxxx> 2009-12-16 10:42:51 EDT --- When an upstream is dead like you're saying tkImg and tkHTML3 are, the problem of bundled and static libraries is exacerbated. In those cases, instead of having to wait for multiple upstreams to discover problems, make fixes, announce them, and then have the next upstream in the chain realise the problem affects their bundled libraries, make fixes, and release updated tarballs, we have upstreams whose source will never change even though there's known security vulnerabilities. This makes it even more imperative that the packager fixes these problems as soon as possible as the packager is the new upstream for the package and if they package with these problems then the maintenance burden for fixing those types of security problems falls entirely on them. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review