[aur-general] Suggestion to add a pinned comment to PKGBUILDs of high risk vulnerable software
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Tue Jul 4 07:45:08 UTC 2017
On Tue, 4 Jul 2017 14:00:50 +0800, Oon-Ee Ng via aur-general wrote:
>You could suggest it on the package's AUR page.
Hi,
yes, I could ask to do it for dependent packages such as
https://aur.archlinux.org/packages/xombrero/ even while I'm not using
it.
I could ask to do it for https://aur.archlinux.org/packages/qtwebkit/ ,
https://aur.archlinux.org/packages/webkitgtk/ /
https://aur.archlinux.org/packages/webkitgtk2 even while I'm not using
those packages.
Some maintainers simply are responsible without somebody mentioning it,
e.g. https://aur.archlinux.org/packages/claws-mail-git/, btw. the only
related PKGBUILD I'm using myself.
Another package maintainer disabled webkit usage, after I informed
about the issue and after I got in contact with upstream, who also will
fix the issue, https://aur.archlinux.org/packages/guitarix-git/ . I'm
not using this package, but install guitarix2 from official
repositories.
>By sending it to the ML, it looks like you're trying to discuss or
>push for a general decision.
Actually there could be PKGBUILDs where I'm not aware of the issue, so
I can't add a comment, that's why I ask on this list. It should not be
enforced by a rule, but maintainers of PKGBUILDs should get a sense
of responsibility, so I mentioned it on this list.
Regards,
Ralf
--
Vote for apulse!
echo $(w3m https://aur.archlinux.org/packages/apulse |grep 'Votes: ')
Votes: 82 Updated: Tue Jul 4 09:32:57 CEST 2017