| 1 |
On Sat, Mar 11, 2017 at 6:54 PM, Kristian Fiskerstrand <k_f@g.o> wrote: |
| 2 |
> On 03/11/2017 11:23 PM, Andrew Savchenko wrote: |
| 3 |
>> |
| 4 |
>> My point is that users must be informed about security problem, but |
| 5 |
>> they still should have a choice. So it should be either a rule |
| 6 |
>> "mask without removal" or clear guidelines when to remove a |
| 7 |
>> package and when to not. |
| 8 |
> |
| 9 |
> At some point, of a package does not belong in the main tree due to |
| 10 |
> security vulnerabilities, they can still be kept in an overlay by a |
| 11 |
> respective project without it impacting other users. I'm not convinced |
| 12 |
> that impacts the overall user experience of other Gentoo users. |
| 13 |
> |
| 14 |
|
| 15 |
Is there any reason that this can't be left to maintainer discretion? |
| 16 |
The package is masked and clearly advertises its security issue. The |
| 17 |
user can make an informed choice. Do we really need to force the |
| 18 |
issue further? What is the benefit to Gentoo in doing so? |
| 19 |
|
| 20 |
-- |
| 21 |
Rich |
Archives