1 |
On Sat, Mar 11, 2017 at 6:54 PM, Kristian Fiskerstrand <k_f@g.o> wrote: |
2 |
> On 03/11/2017 11:23 PM, Andrew Savchenko wrote: |
3 |
>> |
4 |
>> My point is that users must be informed about security problem, but |
5 |
>> they still should have a choice. So it should be either a rule |
6 |
>> "mask without removal" or clear guidelines when to remove a |
7 |
>> package and when to not. |
8 |
> |
9 |
> At some point, of a package does not belong in the main tree due to |
10 |
> security vulnerabilities, they can still be kept in an overlay by a |
11 |
> respective project without it impacting other users. I'm not convinced |
12 |
> that impacts the overall user experience of other Gentoo users. |
13 |
> |
14 |
|
15 |
Is there any reason that this can't be left to maintainer discretion? |
16 |
The package is masked and clearly advertises its security issue. The |
17 |
user can make an informed choice. Do we really need to force the |
18 |
issue further? What is the benefit to Gentoo in doing so? |
19 |
|
20 |
-- |
21 |
Rich |