On Tue, 2006-05-23 at 15:36 -0700, Brian Harring wrote:
> On Tue, May 23, 2006 at 06:24:31PM -0400, Chris Gianelloni wrote:
> > On Tue, 2006-05-23 at 15:05 -0700, Brian Harring wrote:
> > > On Tue, May 23, 2006 at 05:46:09PM -0400, Chris Gianelloni wrote:
> > > > I completely understand this. However, in most cases the reason the
> > > > older packages are still in the tree is because *somebody* doesn't have
> > > > it stable yet.
> > >
> > > Strictly stable, or unstable?
> >
> > I guess in this case, we would want both, so we can tell who's where.
> >
> > > What about profiles, which to account for? Stable (keyword) doesn't
> > > mean visible (profile p.mask or global p.mask), scan 'em all?
> >
> > I wouldn't scan anything that isn't "stable" or "dev" in profiles.desc,
> > at all.
>
> Commented in #-security about it, but any reason that arches don't yank
> their keywords from insecure ebuilds after they've stabled a
> replacement?

Honestly, I see no reason why we couldn't do that. It would add a tiny
bit more work, really, so that shouldn't be much of an issue. It would
then allow us to easily see who is affected by what, with your current
reports.

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
