On Sun, Mar 12, 2017 at 2:45 PM, Kristian Fiskerstrand <[email protected]> wrote: > > In most cases lack of maintainer participation is likely the issue to > begin with. The primary issue with a package mask of this nature is that > it is more permanent than temporary in nature. To what extent would > other package maintainers need to take it into consideration e.g wrt > depgraph breakages (say this is a lower slotted version or last version > that supports a specific arch). > > Granted that isn't much of an issue from the security point of view, but > goes more over on QA.
Sure, and if a package like this becomes a blocker then that would be a reason to remove it. The fact that it has a security issue is actually irrelevant to that decision. -- Rich
