On 9/25/2014 8:42 AM, Andrew Savchenko wrote:
> Hello,
>
> many packages in tree are masked due to security issues instead of
> issuing GLSA for them. Why? At this moment I counted 56 such
> packages in package.mask.
>
> Some of these packages have GLSAs issued (e.g. nethack and
> friends) and have no fixes, so this is understandable. But most
> packages are just masked "due to security bugs", I recently
> stumbled upon: ppp, mariadb, mysql, vlc...

In the case of mysql and friends, it is the policy of the mysql team to give administrators time to upgrade. Sometimes, this is not straightforward and they need to test changes before going to production. The mask gives notice that you should move away from the installed version. GLSAs still may be issued and bugs closed as usual. This is just another notice mechanism.

Brian