[aur-general] Suggestion to add a pinned comment to PKGBUILDs of high risk vulnerable software

Oon-Ee Ng ngoonee.talk at gmail.com
Tue Jul 4 06:00:50 UTC 2017


On Tue, Jul 4, 2017 at 1:47 PM, Ralf Mardorf <ralf.mardorf at alice-dsl.net>
wrote:

> On Tue, 4 Jul 2017 13:25:09 +0800, Oon-Ee Ng via aur-general wrote:
> >This is the primary question here. If it's the maintainer then... what
> >is this email thread even for?
>
> It's about sense of responsibility. As already pointed out,
> something like the webkit PKGBUILDs are objectively PKGBUILDs with a
> very serious high security risk. Users might not be aware of it,
> they might think it's software, that was dropped from official
> repositories for harmless maintenance issues. For example, a Heartbleed
> affected SSL is not the same as a discontinued Sudoku game without
> internet access, even if such a Sudoku game might come with
> minor security issues, too.
>

And as you've already pointed out, this is the responsibility of the
maintainer. You could suggest it on the package's AUR page.

By sending it to the ML, it looks like you're trying to discuss or push for
a general decision. That's not going to happen on this issue, I don't
think.

