If security bugs occur then there are two options -- fix, or remove.

(Or maybe mask with message clearly indicating security issues
or warn about possibly unknown security issues).

I agree. But security bugs are really relevant only for rather
limited types of packages: Those which are SUID (or have caps) or
automatically called by other programs and reading untrusted data:
Libraries (or used as such like movie players, viewers etc), or
programs tightly coupled to the net (browsers, net games, etc).

So e.g., I completely agree with masking xpdf for security reasons
if nobody wants to care about security issues, although this does
not necessarily mean that it has to be removed from the tree.

However, for all other packages I mentioned, e.g. simple games
(I was not speaking about net games), security issues are not
security relevant:
It is really the user's fault if he feeds them untrusted data,
and in this case the user's data can be harmed. This he should
know in advance, anyway.

Regards
Martin
