Date: Tue, 08 Jan 2013 21:22:28 +0100
From: John Marino <freebsdml@marino.st>
To: Raphael Kubo da Costa <rakuco@FreeBSD.org>
Cc: freebsd-ports@freebsd.org
Subject: Re: Why delete KDE3 ports?
Message-ID: <50EC8004.4020106@marino.st>
In-Reply-To: <87txqro2jw.fsf@FreeBSD.org>
References: <mailman.202.1357547625.2166.freebsd-ports@freebsd.org>
 <50EADA33.9010308@aldan.algebra.com> <50EB16B2.4070502@FreeBSD.org>
 <50EB1991.8010400@marino.st>
 <CA%2BtpaK1t4TUPeAZATVPO=KZPdwk4aksMDGeWxiMP7HCLcM8S_g@mail.gmail.com>
 <87txqro2jw.fsf@FreeBSD.org>

On 1/8/2013 21:14, Raphael Kubo da Costa wrote:
> Adam Vande More<amvandemore@gmail.com> writes:
>
>> On Mon, Jan 7, 2013 at 12:53 PM, John Marino<freebsdml@marino.st> wrote:
>>> "possibly insecure": I think this needs to be "known insecure" rather
>>> than holding its last release date against it.
>>
>> http://www.kde.org/info/security/advisory-20100413-1.txt
>>
>> Probably other security issues as well. I didn't have to look very long.
>> In a codebase as large as KDE's, it seems a very slim chance indeed years
>> could go by without maintenance and still maintain security.
>
> Additionally, I'd argue that it is hard for it to be "known insecure"
> since upstream does not maintain it even for security vulnerabilities
> anymore, so security problems have nowhere to be reported and
> vulnerabilities common to KDE3 and KDE4 only get published and fixed in
> the latter.

This doesn't count?
http://cve.mitre.org/cve/
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1

It seems to me there is somewhere to report them...