| 1 |
No need to cc, I'm on the ml (realize the norm is to cc, but no point |
| 2 |
in spamming me twice ;) |
| 3 |
|
| 4 |
On Sun, May 21, 2006 at 10:25:12PM -0700, Robin H. Johnson wrote: |
| 5 |
> On Sun, May 21, 2006 at 11:02:22PM -0400, Ned Ludd wrote: |
| 6 |
> > ferringb took the time to write a parser and setup a cronjob |
| 7 |
> > (every 4 hours at the half hour) to parse over our GLSA's and see what |
| 8 |
> > pkgs remain in the tree and have nothing but newer versions stable. I |
| 9 |
> [snip] |
| 10 |
> |
| 11 |
> Just because old versions exist, doesn't strictly mean that they are |
| 12 |
> safe to remove - some of them may be in the tree because other packages |
| 13 |
> block the newer versions. |
| 14 |
|
| 15 |
Given, but vulnerable pkgs should be on the way out of the tree- this |
| 16 |
is strictly matching of what's vulnerable. |
| 17 |
|
| 18 |
Not dug into the revdeps, but wouldn't be surprised if at least 25% of |
| 19 |
what's being matched by the vulnerability queries is just cruft that |
| 20 |
never got removed. |
| 21 |
|
| 22 |
~harring |
Archives