| 1 |
On 05/09/2017 04:12 AM, Rich Freeman wrote: |
| 2 |
> On Tue, May 9, 2017 at 12:23 AM, Yury German <blueknight@g.o> wrote: |
| 3 |
>> |
| 4 |
>> we can not call for cleanup or release the GLSA, |
| 5 |
>> waiting for a stabilization of a non-core package, while the actual |
| 6 |
>> package has been in a tree in ~arch status for weeks or months. |
| 7 |
> |
| 8 |
> Why not? If an arch is considered a non-security-supported arch then |
| 9 |
> you would just ignore it in a security bug. |
| 10 |
> |
| 11 |
|
| 12 |
For example, I can't remove the ancient and vulnerable nagios-3.5.1 |
| 13 |
because an alternative is missing keywords: |
| 14 |
|
| 15 |
https://bugs.gentoo.org/show_bug.cgi?id=605724 |
| 16 |
|
| 17 |
If I drop nagios-3.5.1 without the keywords, pnp4nagios breaks. |
Archives