Gentoo Archives: gentoo-dev

From: Patrick Lauer <patrick@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] qa last rites -- long list
Date: Wed, 07 Jan 2015 10:58:20
Message-Id: 54AD10E0.7080102@gentoo.org
In Reply to: [gentoo-dev] qa last rites -- long list by William Hubbs
1 On 01/07/15 06:24, William Hubbs wrote:
2 > All,
3 >
4 > Many packages have been masked in the tree for months - years with no
5 > signs of fixes.
6 >
7 > I am particularly concerned about packages with known security
8 > vulnerabilities staying in the main tree masked. If people want to keep
9 > using those packages, I don't want to stop them, but packages like this
10 > should be in an overlay, not the main tree.
11 >
12
13 > # Sergey Popov <pinkbyte@g.o> (20 Mar 2014)
14 > # Security mask of vulnerable versions, wrt bug #424167
15 > <net-nds/openldap-2.4.35
16
17 Please leave at least one openldap-2.3 version around - replication
18 doesn't work between different major versions, so those of us stuck with
19 mummified linux need them (sigh)
20
21 Thanks,
22
23 Patrick