On Sun, Mar 12, 2017 at 02:54:22PM -0400, Rich Freeman wrote:
> On Sun, Mar 12, 2017 at 2:45 PM, Kristian Fiskerstrand <k...@gentoo.org>
> wrote:
> >
> > In most cases lack of maintainer participation is likely the issue to
> > begin with. The primary issue with a package mask of this nature is that
> > it is more permanent than temporary in nature. To what extent would
> > other package maintainers need to take it into consideration e.g wrt
> > depgraph breakages (say this is a lower slotted version or last version
> > that supports a specific arch).
> >
> > Granted that isn't much of an issue from the security point of view, but
> > goes more over on QA.
>
> Sure, and if a package like this becomes a blocker then that would be
> a reason to remove it.
>
> The fact that it has a security issue is actually irrelevant to that decision.

I disagree with this argument. A security issue *is* a problem,
especially if we are masking the package because of the security issue.

imo to increase the quality of the tree, packages with known, unfixable
security issues belong in overlays, not in the main tree.

William