| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 9/25/2014 8:42 AM, Andrew Savchenko wrote: |
| 5 |
> Hello, |
| 6 |
> |
| 7 |
> many packages in tree are masked due to security issues instead of |
| 8 |
> issuing GLSA for them. Why? At this moment I counted 56 such |
| 9 |
> packages in package.mask. |
| 10 |
> |
| 11 |
> Some of these packages have GLSAs issued (e.g. nethack and |
| 12 |
> friends) and have no fixes, so this is understandable. But most |
| 13 |
> packages are just masked "due to security bugs", I recently |
| 14 |
> stumbled upon: ppp, mariadb, mysql, vlc... |
| 15 |
|
| 16 |
In the case of mysql and friends, it is the policy of the mysql team |
| 17 |
to give administrators time to upgrade. |
| 18 |
|
| 19 |
Sometimes, this is not straight forward and they need to test changes |
| 20 |
before going to production. |
| 21 |
|
| 22 |
The mask gives notice that you should move away from the installed |
| 23 |
version. |
| 24 |
|
| 25 |
GLSAs still may be issued and bugs closed as usual. This is just |
| 26 |
another notice mechanism. |
| 27 |
|
| 28 |
Brian |
| 29 |
|
| 30 |
-----BEGIN PGP SIGNATURE----- |
| 31 |
Version: GnuPG v2.0.17 (MingW32) |
| 32 |
|
| 33 |
iQEcBAEBAgAGBQJUJBZIAAoJEE4V4vFnx44dEf4H/jn3fetMWrtV15bbUx0txuXo |
| 34 |
QMi9Qh2q1f+GiEGFKIqW2UC7m0Acp2GDHWZaxGGgRyVRRtjbyIh+SxIZISMVbud8 |
| 35 |
5BQBH+6QnmA1miLaYLxxBdOLDddb3cDpGB9YvgnffuQ0Od9iOoYkzX9KstPjrd7g |
| 36 |
Dao/ra0FEM3ZXTikdt2Z0uMC5bwq1ltmpmGYED0XoAU/ab4vqAY9mrNag2BlDhU3 |
| 37 |
j4O/Z+sUhLAwVehxo0i33NhJ/L1tB/8HucNa/io/GIVwFuZjHTsnYUXdu8MNaNF7 |
| 38 |
E6VK5V1WEqodoRZDw46L83Sjqfh248vK2FqWNKsp3nB1EnH2is64dHUb1zja0+I= |
| 39 |
=DFmB |
| 40 |
-----END PGP SIGNATURE----- |
Archives