On 27/05/2022 15:30, Peter Boy wrote:
Really sorry, but such a statement is simply intellectual bullshit.
Unfortunately, it is not possible to formulate this in a more friendly yet
unambiguous way. And in this thread in particular, the many allegations,
unclouded by any expertise but made all the more decisively, are simply
annoying - and a huge waste of everyone’s time in the long run.
But it's true.
One of my packages had a bundled library with 6 critical vulnerabilities
(outdated for 5 years). The upstream developers said they didn't care
because they needed their app to run under Ubuntu 12.04 LTS. Fixed it
manually by switching to the packaged version.
Another package had bundled OpenSSL, which was 3 years out of date.
--
Sincerely,
Vitaly Zaitsev (vit...@easycoding.org)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
