On 01:13 Thu 29 May , Marius Mauch wrote: > One concern raised by some people is that it might cause old libraries > with security issues to stay on the system for eternity even though > the package was upgraded, and eventually be preferred by new builds. > I can't rule this out completely but thinks it's very unlikely, as > preserved libraries are specially tracked and the user is notified > about their existance after every emerge operation (similar to glep42 > news).
Part of this should be addressable by keeping track of the version that installed them and checking it against the distributed GLSAs... Thanks, Donnie -- gentoo-dev@lists.gentoo.org mailing list