| 1 |
On 5/9/17 8:33 AM, Michael Orlitzky wrote: |
| 2 |
> On 05/09/2017 04:12 AM, Rich Freeman wrote: |
| 3 |
>> On Tue, May 9, 2017 at 12:23 AM, Yury German <blueknight@g.o> wrote: |
| 4 |
>>> |
| 5 |
>>> we can not call for cleanup or release the GLSA, |
| 6 |
>>> waiting for a stabilization of a non-core package, while the actual |
| 7 |
>>> package has been in a tree in ~arch status for weeks or months. |
| 8 |
>> |
| 9 |
>> Why not? If an arch is considered a non-security-supported arch then |
| 10 |
>> you would just ignore it in a security bug. |
| 11 |
>> |
| 12 |
> |
| 13 |
> For example, I can't remove the ancient and vulnerable nagios-3.5.1 |
| 14 |
> because an alternative is missing keywords: |
| 15 |
> |
| 16 |
> https://bugs.gentoo.org/show_bug.cgi?id=605724 |
| 17 |
> |
| 18 |
> If I drop nagios-3.5.1 without the keywords, pnp4nagios breaks. |
| 19 |
> |
| 20 |
> |
| 21 |
|
| 22 |
Perhaps I'm missing the issue, but can you just follow the dependencies |
| 23 |
and drop keywords accordingly so the tree remains consistent. |
| 24 |
|
| 25 |
-- |
| 26 |
Anthony G. Basile, Ph.D. |
| 27 |
Gentoo Linux Developer [Hardened] |
| 28 |
E-Mail : blueness@g.o |
| 29 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 30 |
GnuPG ID : F52D4BBA |
Archives