On Fri, Mar 18, 2011 at 10:13:00AM -0400, Nico Kadel-Garcia wrote:
> On Fri, Mar 18, 2011 at 10:07 AM, Stefan Sperling <s...@elego.de> wrote:
> > On Thu, Mar 17, 2011 at 11:33:41PM -0400, Nico Kadel-Garcia wrote:
> >> The 1.6.16 has some minor build-structure changes that have broken the
> >> SRPMs. I'm wondering if it's even worth pursuing, for environments
> >> that don't rely on HTTP/HTTPS authentication, especially because I'm
> >> such a long-standing deprecator of that approach. (This is because the
> >> Linux and UNIX clients store the passwords for HTTP/HTTPS access in
> >> clear text.)
> >
> > That's not a good reason to neglect a security update. There are folks who
> > need the update. Not that you're obliged to provide one -- you're doing
> > voluntary work, after all. But I'd expect a package maintainer to
> > keep the entire userbase in mind. Not just those running particular setups.
> > It's not as if a Subversion HTTP/HTTPS setup was an unsupported use case.
>
> You've a point, but enabling people to repeat the errors of
> mishandling stored passwords is not that high on my priority list.

Fair enough. I will stop recommending RPMforge packages until more
responsible maintainers show up.

> And the creeping changes to the build structure are making it more awkward
> to maintain. If 1.7.0 is coming out soon, I'm not clear it's worth my
> efforts to even bother with this minor release.

1.7.0 isn't coming out soon.