| 1 |
On 2/02/2013 00:36, Wulf C. Krueger wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA1 |
| 4 |
> |
| 5 |
> On 01.02.2013 14:26, Rich Freeman wrote: |
| 6 |
>> As long as it builds on 80%+ of systems and has no serious issues |
| 7 |
>> (security in particular) there is no reason to remove a package. |
| 8 |
> |
| 9 |
> And how will you get to know about current or future security issues if |
| 10 |
> nobody (in Gentoo) cares about the package? |
| 11 |
The security team routinely monitors various information sources to |
| 12 |
ensure that issues are tracked regardless of maintainer. |
| 13 |
|
| 14 |
>> Remove things when they cause problems, not before. |
| 15 |
> |
| 16 |
> You mean, not before your users' systems have been compromised and they |
| 17 |
> complain loudly about it? |
| 18 |
> |
| 19 |
> Best regards, Wulf |
| 20 |
> -----BEGIN PGP SIGNATURE----- |
| 21 |
> Version: GnuPG v2.0.19 (GNU/Linux) |
| 22 |
> Comment: Using GnuPG with undefined - http://www.enigmail.net/ |
| 23 |
> |
| 24 |
> iEYEARECAAYFAlELxNgACgkQnuVXRcSi+5qP8wCghvWTuQvcFfJojX9HS8Jln6O/ |
| 25 |
> 144AnipUMY1NU8DbrtzesEbvpSHeYkPt |
| 26 |
> =awFq |
| 27 |
> -----END PGP SIGNATURE----- |
| 28 |
> |
| 29 |
> |
Archives