On 5/9/17 8:33 AM, Michael Orlitzky wrote: > On 05/09/2017 04:12 AM, Rich Freeman wrote: >> On Tue, May 9, 2017 at 12:23 AM, Yury German <[email protected]> wrote: >>> >>> we can not call for cleanup or release the GLSA, >>> waiting for a stabilization of a non-core package, while the actual >>> package has been in a tree in ~arch status for weeks or months. >> >> Why not? If an arch is considered a non-security-supported arch then >> you would just ignore it in a security bug. >> > > For example, I can't remove the ancient and vulnerable nagios-3.5.1 > because an alternative is missing keywords: > > https://bugs.gentoo.org/show_bug.cgi?id=605724 > > If I drop nagios-3.5.1 without the keywords, pnp4nagios breaks. > >
Perhaps I'm missing the issue, but can you just follow the dependencies and drop keywords accordingly so the tree remains consistent. -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : [email protected] GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA GnuPG ID : F52D4BBA
