On Sun, Dec 16, 2018 at 2:40 PM Jeroen Roovers <j...@gentoo.org> wrote:
> On Fri, 14 Dec 2018 12:03:52 -0800
> Matt Turner <matts...@gentoo.org> wrote:
> > Thanks. What do we want to do about -304?
> It's not on the list above because it's a "legacy driver", not a
> "short lived" branch[1]. It's not relevant in this context what happens
> to the 304 branch, the context being a cleanup of intermediate branches
> that were abandoned and surpassed by "long lived" branches.

I understand. This was just a convenient place to ask a related question.

> > It still requires xorg-server-1.19 which I'd like to drop due to a
> > security vulnerability. After the listed versions are gone, -304 will
> > be the only thing keeping 1.19 in tree.

It's bug https://bugs.gentoo.org/669588

> I see no open security bug report for this. If we had one of those, then
> we could write a package.mask entry for both xorg-server and
> nvidia-drivers with a reference to the security issue, or add the
> branches that are now masked for removal. That way people can plan
> their hardware's obsolescence properly or shift to a different driver.

I guess my question to you is whether you think it's okay to mask -304
for removal or whether there are enough users that we should keep it
under package.mask?

Reply via email to