1 |
On 5/9/17 8:33 AM, Michael Orlitzky wrote: |
2 |
> On 05/09/2017 04:12 AM, Rich Freeman wrote: |
3 |
>> On Tue, May 9, 2017 at 12:23 AM, Yury German <blueknight@g.o> wrote: |
4 |
>>> |
5 |
>>> we can not call for cleanup or release the GLSA, |
6 |
>>> waiting for a stabilization of a non-core package, while the actual |
7 |
>>> package has been in a tree in ~arch status for weeks or months. |
8 |
>> |
9 |
>> Why not? If an arch is considered a non-security-supported arch then |
10 |
>> you would just ignore it in a security bug. |
11 |
>> |
12 |
> |
13 |
> For example, I can't remove the ancient and vulnerable nagios-3.5.1 |
14 |
> because an alternative is missing keywords: |
15 |
> |
16 |
> https://bugs.gentoo.org/show_bug.cgi?id=605724 |
17 |
> |
18 |
> If I drop nagios-3.5.1 without the keywords, pnp4nagios breaks. |
19 |
> |
20 |
> |
21 |
|
22 |
Perhaps I'm missing the issue, but can you just follow the dependencies |
23 |
and drop keywords accordingly so the tree remains consistent. |
24 |
|
25 |
-- |
26 |
Anthony G. Basile, Ph.D. |
27 |
Gentoo Linux Developer [Hardened] |
28 |
E-Mail : blueness@g.o |
29 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
30 |
GnuPG ID : F52D4BBA |