On Dienstag, 15. Mai 2007, Caleb Tennis wrote: > I just read the bug, but I don't see any compelling reason against using > the preserve_old stuff.
The big problem with it is that we do not store information about retained libraries and let portage throw warnings. When people miss such a post install message, the library potentially remains forever in the system, not unlikely with seldom updated stuff linking against it. As soon as a vulnerability is popping up, the system is vulnerable, remains vulnerable and its owner assumes everything is fine. Carsten
signature.asc
Description: This is a digitally signed message part.
