| 1 |
On Fri, Feb 1, 2013 at 8:36 AM, Wulf C. Krueger <wk@×××××××××××.de> wrote: |
| 2 |
> |
| 3 |
> And how will you get to know about current or future security issues if |
| 4 |
> nobody (in Gentoo) cares about the package? |
| 5 |
|
| 6 |
The same way that you know about security issues in Firefox or |
| 7 |
Chromium - somebody reports them. Security bugs still go to the |
| 8 |
security team, and they're welcome to treeclean with a vengence. |
| 9 |
|
| 10 |
I guarantee that you have unreported security bugs in whatever browser |
| 11 |
and email client you're using right now. Until somebody tells |
| 12 |
upstream about them you're going to be vulnerable. |
| 13 |
|
| 14 |
That said, I'm fine with having some kind of overlay for stuff like |
| 15 |
this (we need to reduce the stigma on overlays), and I think that |
| 16 |
having some kind of quality tagging system also makes sense for |
| 17 |
communicating just how clean packages are. Give the users a choice. |
| 18 |
Overlays seem to be largely used to do just this - the overlay itself |
| 19 |
has some connotation of level-of-quality. |
| 20 |
|
| 21 |
Rich |
Archives