| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 01.02.2013 14:47, Rich Freeman wrote: |
| 5 |
>> And how will you get to know about current or future security |
| 6 |
>> issues if nobody (in Gentoo) cares about the package? |
| 7 |
> The same way that you know about security issues in Firefox or |
| 8 |
> Chromium [...] Until somebody tells upstream about them you're |
| 9 |
> going to be vulnerable. |
| 10 |
|
| 11 |
Indeed. In contrast to many of the packages that were mentioned in this |
| 12 |
thread, Firefox and Chromium have an active upstream, though. |
| 13 |
|
| 14 |
What do you think will happen to projects with a dead upstream? I |
| 15 |
think the answer is pretty simple: Nothing. |
| 16 |
|
| 17 |
Thus, your users' systems will remain vulnerable and you won't even |
| 18 |
know about it. |
| 19 |
|
| 20 |
Best regards, Wulf |
| 21 |
-----BEGIN PGP SIGNATURE----- |
| 22 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 23 |
Comment: Using GnuPG with undefined - http://www.enigmail.net/ |
| 24 |
|
| 25 |
iEYEARECAAYFAlELyXkACgkQnuVXRcSi+5q6UgCfQLgmYQkShYNu2bwokxzP32Fv |
| 26 |
FBEAoNz/qw2QRArkSUugGXgL3bII6zn9 |
| 27 |
=aboK |
| 28 |
-----END PGP SIGNATURE----- |
Archives