Why delete KDE3 ports?
John Marino
freebsdml at marino.st
Tue Jan 8 20:22:40 UTC 2013
On 1/8/2013 21:14, Raphael Kubo da Costa wrote:
> Adam Vande More<amvandemore at gmail.com> writes:
>
>> On Mon, Jan 7, 2013 at 12:53 PM, John Marino<freebsdml at marino.st> wrote:
>>> "possibly insecure": I think this needs to be "known insecure" rather
>>> than holding it's last release date against it.
>>
>> http://www.kde.org/info/security/advisory-20100413-1.txt
>>
>> Probably other security issues as well. I didn't have to look very long.
>> In a codebase as large as KDE's, it seems a very slim chance indeed years
>> could go by without maintenance and still maintain security.
>
> Additionally, I'd argue that it is hard for it to be "known insecure"
> since upstream does not maintain it even for security vulnerabilities
> anymore, so security problems have nowhere to be reported and
> vulnerabilities common to KDE3 and KDE4 only get published and fixed in
> the latter.
This doesn't count?
http://cve.mitre.org/cve/
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
It seems to be there is somewhere to report them...
More information about the freebsd-ports
mailing list