1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 01.02.2013 14:47, Rich Freeman wrote: |
5 |
>> And how will you get to know about current or future security |
6 |
>> issues if nobody (in Gentoo) cares about the package? |
7 |
> The same way that you know about security issues in Firefox or |
8 |
> Chromium [...] Until somebody tells upstream about them you're |
9 |
> going to be vulnerable. |
10 |
|
11 |
Indeed. In contrast to many of the packages that were mentioned in this |
12 |
thread, Firefox and Chromium have an active upstream, though. |
13 |
|
14 |
What do you think will happen to projects with a dead upstream? I |
15 |
think the answer is pretty simple: Nothing. |
16 |
|
17 |
Thus, your users' systems will remain vulnerable and you won't even |
18 |
know about it. |
19 |
|
20 |
Best regards, Wulf |
21 |
-----BEGIN PGP SIGNATURE----- |
22 |
Version: GnuPG v2.0.19 (GNU/Linux) |
23 |
Comment: Using GnuPG with undefined - http://www.enigmail.net/ |
24 |
|
25 |
iEYEARECAAYFAlELyXkACgkQnuVXRcSi+5q6UgCfQLgmYQkShYNu2bwokxzP32Fv |
26 |
FBEAoNz/qw2QRArkSUugGXgL3bII6zn9 |
27 |
=aboK |
28 |
-----END PGP SIGNATURE----- |