On Mon, Nov 15, 2004 at 04:06:07AM +0100, Matthias Andree wrote: > Kris Kennaway <[EMAIL PROTECTED]> writes: > > > I've uploaded new packages for 5.3-stable; they'll make their way onto > > the ftp mirrors over the next day or so. Included are the new > > versions of GNOME and KDE, among others. > > BTW, are we getting long-standing security issues in ports fixed, for > instance cups-base, open-motif, others? Yeah I know send patches, but my > ressources are limited and committers are also overworked already... > > The general question I'd like to raise is how long will we allow ports > with known security flaws linger around before they are marked BROKEN?
In general serious security flaws should be marked FORBIDDEN immediately, and they generally are. Fixing the security issues is up to the community. Kris
pgpXpiCG8HFqu.pgp
Description: PGP signature