On Fri, Feb 1, 2013 at 8:36 AM, Wulf C. Krueger <w...@mailstation.de> wrote: > > And how will you get to know about current or future security issues if > nobody (in Gentoo) cares about the package?
The same way that you know about security issues in Firefox or Chromium - somebody reports them. Security bugs still go to the security team, and they're welcome to treeclean with a vengence. I guarantee that you have unreported security bugs in whatever browser and email client you're using right now. Until somebody tells upstream about them you're going to be vulnerable. That said, I'm fine with having some kind of overlay for stuff like this (we need to reduce the stigma on overlays), and I think that having some kind of quality tagging system also makes sense for communicating just how clean packages are. Give the users a choice. Overlays seem to be largely used to do just this - the overlay itself has some connotation of level-of-quality. Rich
