On 9/25/2014 8:42 AM, Andrew Savchenko wrote:
> Hello,
>
> many packages in tree are masked due to security issues instead of
> issuing GLSA for them. Why? At this moment I counted 56 such
> packages in package.mask.
>
> Some of these packages have GLSAs issued (e.g. nethack and
> friends) and have no fixes, so this is understandable. But most
> packages are just masked "due to security bugs", I recently
> stumbled upon: ppp, mariadb, mysql, vlc...

In the case of mysql and friends, it is the policy of the mysql team
to give administrators time to upgrade.

Sometimes, this is not straightforward and they need to test changes
before going to production.

The mask gives notice that you should move away from the installed
version.

GLSAs still may be issued and bugs closed as usual. This is just
another notice mechanism.

Brian