[aur-general] Suggestion to add a pinned comment to PKGBUILDs of high risk vulnerable software

Ralf Mardorf ralf.mardorf at alice-dsl.net
Tue Jul 4 05:47:27 UTC 2017


On Tue, 4 Jul 2017 13:25:09 +0800, Oon-Ee Ng via aur-general wrote:
>This is the primary question here. If it's the maintainer then... what
>is this email thread even for?

It's about a sense of responsibility. As already pointed out,
something like the webkit PKGBUILDs are objectively PKGBUILDs with a
very serious high security risk. Users might not be aware of it,
they might think it's software that was dropped from official
repositories for harmless maintenance issues. For example, a Heartbleed
affected SSL is not the same as a discontinued Sudoku game without
internet access, even if such a Sudoku game might come with
minor security issues, too.

Regards,
Ralf

