John Marino <freebs...@marino.st> writes: > On 1/8/2013 21:14, Raphael Kubo da Costa wrote: >> Additionally, I'd argue that it is hard for it to be "known insecure" >> since upstream does not maintain it even for security vulnerabilities >> anymore, so security problems have nowhere to be reported and >> vulnerabilities common to KDE3 and KDE4 only get published and fixed in >> the latter. > > This doesn't count? > http://cve.mitre.org/cve/ > http://web.nvd.nist.gov/view/vuln/search?execution=e2s1 > > It seems to be there is somewhere to report them...
The vulnerabilities disclosed in those places are normally published after upstream has been contacted and come up with a fix for the security issue, so I don't think the lack of new KDE3 advisories compared to KDE4 ones means the former is safer. _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
