On 27/05/2022 15:30, Peter Boy wrote:
Really sorry, but such a statement is simply intellectual bullshit.
Unfortunately, it is not possible to formulate this in a more friendly yet
unambiguous way. And in this thread in particular, the many allegations,
unclouded by any expertise but made all the more decisively, are simply
annoying - and a huge waste of everyone’s time in the long run.
But it's true.
One of my packages had a bundled library with 6 critical vulnerabilities
(outdated for 5 years). The upstream developers said they didn't care
because they needed their app to run under Ubuntu 12.04 LTS. Fixed it
manually by switching to the packaged version.
Another package had bundled OpenSSL, which was 3 years out of date.
--
Sincerely,
Vitaly Zaitsev ([email protected])
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
