1 |
On Fri, 14 Dec 2018 12:03:52 -0800 |
2 |
Matt Turner <mattst88@g.o> wrote: |
3 |
|
4 |
> Thanks. What do we want to do about -304? |
5 |
|
6 |
It's not on the list above because it's a "legacy driver", not a |
7 |
"short lived" branch[1]. It's not relevant in this context what happens |
8 |
to the 304 branch, the context being a cleanup of intermediate branches |
9 |
that were abandoned and surpassed by "long lived" branches. |
10 |
|
11 |
> It still requires xorg-server-1.19 which I'd like to drop due to a |
12 |
> security vulnerability. After the listed versions are gone, -304 will |
13 |
> be the only thing keeping 1.19 in tree. |
14 |
|
15 |
I see no open security bug report for this. If we had one of those, then |
16 |
we could write a package.mask entry for both xorg-server and |
17 |
nvidia-drivers with a reference to the security issue, or add the |
18 |
branches that are now masked for removal. That way people can plan |
19 |
their hardware's obsolescence properly or shift to a different driver. |
20 |
|
21 |
|
22 |
Kind regards, |
23 |
jer |
24 |
|
25 |
|
26 |
[1] https://www.nvidia.com/object/IO_32667.html |