On Monday, 10 October 2016 at 11:07, Florian Weimer wrote:
> On 10/07/2016 06:43 PM, Dominik 'Rathann' Mierzejewski wrote:
> 
> > I was made aware that EOL software with known security bugs that will
> > not be fixed upstream (due to EOL status) was reviewed and accepted into
> > Fedora recently.
> 
> Fedora relies on EOLed components pretty much across the system (including
> critical security functionality), so one more such package really isn't the
> end of the world.  I think new packages should not be held to tremendously
> higher standards than existing packages.

I think times have changed enough to warrant this at least for new
packages. I don't think it's acceptable to simply allow adding
known-to-be-vulnerable software to our package repositories without
additional review anymore.

Regards,
Dominik
-- 
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org