On Fri, Feb 1, 2013 at 8:36 AM, Wulf C. Krueger <wk@×××××××××××.de> wrote:
>
> And how will you get to know about current or future security issues if
> nobody (in Gentoo) cares about the package?

The same way that you know about security issues in Firefox or
Chromium - somebody reports them. Security bugs still go to the
security team, and they're welcome to treeclean with a vengeance.

I guarantee that you have unreported security bugs in whatever browser
and email client you're using right now. Until somebody tells
upstream about them you're going to be vulnerable.

That said, I'm fine with having some kind of overlay for stuff like
this (we need to reduce the stigma on overlays), and I think that
having some kind of quality tagging system also makes sense for
communicating just how clean packages are. Give the users a choice.
Overlays seem to be largely used to do just this - the overlay itself
has some connotation of level-of-quality.

Rich