From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 9479F1387C7 for ; Fri, 1 Feb 2013 13:47:44 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0FA5AE0682; Fri, 1 Feb 2013 13:47:37 +0000 (UTC) Received: from mail-ia0-f173.google.com (mail-ia0-f173.google.com [209.85.210.173]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 34E21E0675 for ; Fri, 1 Feb 2013 13:47:35 +0000 (UTC) Received: by mail-ia0-f173.google.com with SMTP id h37so1011740iak.4 for ; Fri, 01 Feb 2013 05:47:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=oU/j3Nw/DrVkF6nq1/0JRCBHbsVb6ZQxFvag/vK48pY=; b=aRbsxgQgl4DsFPz9g63obwTeZLQLvuDA2Rh1pPQCW+pVtY07GY1ZuQVn4seFrTSLTH qUwCcrvcoSSOvkB/17tClirYbbOQQYtnAufKWoSZcpy6Olm/qAAZ5dAaARNMlN/SQTSO y2ZUrHSvig7bF7IXSgE6d1rkclr/rYj6A1v7hjVTUizY6cEpDUsENZ/NuGI9o7kfmi7W FctsavLyDbznnnXE5p+InTAxcOPOcfAOEl1SYlTD+z7IvHeWPPEe+y0woA1m3eshFpc5 lyyBRDCilIhBQf7XvTo7jx3fT8Lo3gIjk+y7ebS8fOI6yw8SvMamyKP9F2NSGKVK7zLe Hjzg== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.50.208.7 with SMTP id ma7mr1226045igc.26.1359726455338; Fri, 01 Feb 2013 05:47:35 -0800 (PST) Sender: freemanrich@gmail.com Received: by 10.64.30.231 with HTTP; Fri, 1 Feb 2013 05:47:35 -0800 (PST) In-Reply-To: <510BC4D8.7050908@mailstation.de> References: <510BA4ED.9030405@flameeyes.eu> <510BB012.4010507@gentoo.org> <510BB398.1090000@flameeyes.eu> <510BB6D2.8060906@gentoo.org> <510BBAC7.10302@flameeyes.eu> <510BC4D8.7050908@mailstation.de> Date: Fri, 1 Feb 2013 08:47:35 -0500 X-Google-Sender-Auth: R8JErnr5yWt3owch1-b195oUuNc Message-ID: Subject: Re: [gentoo-dev] Re: Please stop useless removals From: Rich Freeman To: gentoo-dev Content-Type: text/plain; charset=ISO-8859-1 X-Archives-Salt: 17b7e7ac-fdc3-46a2-99f3-a10269188ed0 X-Archives-Hash: 38e81f2d6ff0082084df16e00a45b6ae On Fri, Feb 1, 2013 at 8:36 AM, Wulf C. Krueger wrote: > > And how will you get to know about current or future security issues if > nobody (in Gentoo) cares about the package? The same way that you know about security issues in Firefox or Chromium - somebody reports them. Security bugs still go to the security team, and they're welcome to treeclean with a vengence. I guarantee that you have unreported security bugs in whatever browser and email client you're using right now. Until somebody tells upstream about them you're going to be vulnerable. That said, I'm fine with having some kind of overlay for stuff like this (we need to reduce the stigma on overlays), and I think that having some kind of quality tagging system also makes sense for communicating just how clean packages are. Give the users a choice. Overlays seem to be largely used to do just this - the overlay itself has some connotation of level-of-quality. Rich