On Sun, Dec 16, 2018 at 2:40 PM Jeroen Roovers <j...@gentoo.org> wrote: > > On Fri, 14 Dec 2018 12:03:52 -0800 > Matt Turner <matts...@gentoo.org> wrote: > > > Thanks. What do we want to do about -304? > > It's not on the list above because it's a "legacy driver", not a > "short lived" branch[1]. It's not relevant in this context what happens > to the 304 branch, the context being a cleanup of intermediate branches > that were abandoned and surpassed by "long lived" branches.
I understand. This was just a convenient place to ask a related question. > > It still requires xorg-server-1.19 which I'd like to drop due to a > > security vulnerability. After the listed versions are gone, -304 will > > be the only thing keeping 1.19 in tree. It's bug https://bugs.gentoo.org/669588 > I see no open security bug report for this. If we had one of those, then > we could write a package.mask entry for both xorg-server and > nvidia-drivers with a reference to the security issue, or add the > branches that are now masked for removal. That way people can plan > their hardware's obsolescence properly or shift to a different driver. I guess my question to you is whether you think it's okay to mask -304 for removal or whether there are enough users that we should keep it under package.mask?
