No need to cc, I'm on the ml (realize the norm is to cc, but no point in spamming me twice ;)
On Sun, May 21, 2006 at 10:25:12PM -0700, Robin H. Johnson wrote:
> On Sun, May 21, 2006 at 11:02:22PM -0400, Ned Ludd wrote:
> > ferringb took the time to write a parser and setup a cronjob
> > (every 4 hours at the half hour) to parse over our GLSA's and see what
> > pkgs remain in the tree and have nothing but newer versions stable. I
> [snip]
>
> Just because old versions exist, doesn't strictly mean that they are
> safe to remove - some of them may be in the tree because other packages
> block the newer versions.

Given, but vulnerable pkgs should be on the way out of the tree - this is
strictly matching of what's vulnerable. Not dug into the revdeps, but
wouldn't be surprised if at least 25% of what's being matched by the
vulnerability queries is just cruft that never got removed.

~harring
