Date: Wed, 09 Jan 2013 00:59:15 +0200 From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: Re: Why delete KDE3 ports? Message-ID: <87mwwjnuws.fsf@FreeBSD.org> References: <mailman.202.1357547625.2166.freebsd-ports@freebsd.org> <50EADA33.9010308@aldan.algebra.com> <50EB16B2.4070502@FreeBSD.org> <50EB1991.8010400@marino.st> <CA%2BtpaK1t4TUPeAZATVPO=KZPdwk4aksMDGeWxiMP7HCLcM8S_g@mail.gmail.com> <87txqro2jw.fsf@FreeBSD.org> <50EC8004.4020106@marino.st>
next in thread | previous in thread | raw e-mail | index | archive | help
John Marino <freebsdml@marino.st> writes: > On 1/8/2013 21:14, Raphael Kubo da Costa wrote: >> Additionally, I'd argue that it is hard for it to be "known insecure" >> since upstream does not maintain it even for security vulnerabilities >> anymore, so security problems have nowhere to be reported and >> vulnerabilities common to KDE3 and KDE4 only get published and fixed in >> the latter. > > This doesn't count? > http://cve.mitre.org/cve/ > http://web.nvd.nist.gov/view/vuln/search?execution=e2s1 > > It seems to be there is somewhere to report them... The vulnerabilities disclosed in those places are normally published after upstream has been contacted and come up with a fix for the security issue, so I don't think the lack of new KDE3 advisories compared to KDE4 ones means the former is safer.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87mwwjnuws.fsf>