From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-30783-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1K1aT2-0000HB-G3
	for garchives@archives.gentoo.org; Thu, 29 May 2008 05:14:24 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9469BE04FB;
	Thu, 29 May 2008 05:14:22 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 6AC28E04FB
	for <gentoo-dev@lists.gentoo.org>; Thu, 29 May 2008 05:14:22 +0000 (UTC)
Received: from gentoo.org (c-71-193-142-160.hsd1.or.comcast.net [71.193.142.160])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTP id ECB5364E16
	for <gentoo-dev@lists.gentoo.org>; Thu, 29 May 2008 05:14:21 +0000 (UTC)
Date: Wed, 28 May 2008 22:14:17 -0700
From: Donnie Berkholz <dberkholz@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: Should preserve-libs be enabled by default?
Message-ID: <20080529051417.GA8809@comet>
References: <20080529011316.54f0f1f6@sheridan.genone.homeip.net>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20080529011316.54f0f1f6@sheridan.genone.homeip.net>
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Archives-Salt: c65377e8-a64b-4bb5-84eb-4e520930fe90
X-Archives-Hash: 1db3f425fcadd63508097ccea649530f

On 01:13 Thu 29 May     , Marius Mauch wrote:
> One concern raised by some people is that it might cause old libraries
> with security issues to stay on the system for eternity even though
> the package was upgraded, and eventually be preferred by new builds.
> I can't rule this out completely but thinks it's very unlikely, as
> preserved libraries are specially tracked and the user is notified
> about their existance after every emerge operation (similar to glep42
> news).

Part of this should be addressable by keeping track of the version that 
installed them and checking it against the distributed GLSAs...

Thanks,
Donnie
-- 
gentoo-dev@lists.gentoo.org mailing list