FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 08-09-2011, 03:55 PM
Chris Adams
 
Default package (tinyca2) not longer present in F15, what to do about it?

Once upon a time, Patrick O'Callaghan <pocallaghan@gmail.com> said:
> On Tue, 2011-08-09 at 08:53 -0500, Chris Adams wrote:
> > Once upon a time, Stephen Gallagher <sgallagh@redhat.com> said:
> > > I should note, however, that tinyca2 development appears dead upstream.
> > > It last saw a release on July 25, 2006! So chances are good that it's no
> > > longer safe for inclusion in Fedora.
> >
> > Why does "long time since last release" mean "no longer safe"? Programs
> > don't have to change for the sake of change.
>
> As I understand it, the issue is not that the package may have a problem
> but that it has no maintainer, i.e. if a problem did show up there'd be
> no-one to produce a revised package even if a fixed version appeared.

I understand being dropped from Fedora for no package maintainer. I was
responding to the "no upstream in 5 years == not safe" comment.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-09-2011, 04:22 PM
Tom Horsley
 
Default package (tinyca2) not longer present in F15, what to do about it?

On Tue, 9 Aug 2011 10:55:08 -0500
Chris Adams wrote:

> I understand being dropped from Fedora for no package maintainer. I was
> responding to the "no upstream in 5 years == not safe" comment.

Clearly fedora needs to be restricted only to packages that
are riddled with bugs and need to be constantly fixed - that's
the only way to keep it safe :-).
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-10-2011, 09:10 AM
 
Default package (tinyca2) not longer present in F15, what to do about it?

-----Original Message-----
From: users-bounces@lists.fedoraproject.org [mailto:users-bounces@lists.fedoraproject.org] On Behalf Of Chris Adams
Sent: Tuesday, August 09, 2011 3:53 PM
To: users@lists.fedoraproject.org
Subject: Re: package (tinyca2) not longer present in F15, what to do about it?

Once upon a time, Stephen Gallagher <sgallagh@redhat.com> said:
> I should note, however, that tinyca2 development appears dead upstream.
> It last saw a release on July 25, 2006! So chances are good that it's no
> longer safe for inclusion in Fedora.

Why does "long time since last release" mean "no longer safe"? Programs
don't have to change for the sake of change.
-----Original Message-----

Imho, I think different things are mixed up....

A) a very well designed piece of software I less likely to suffer from daily/weekly/monthly updates
And security patches or bug fixes might introduce new "side effects" themselves ;-)

B) Any program with a GUI have to move along, if your program uses an ancient version of qt/gtk1/php3/python/perl/you-name-it, their might come a time that those libs are not shipped anymore.

C) No maintainer means that no one simply looks _IF_ their might be issues. If it is still in (any) distro, it probably means that there were no errors during building/linking.


Specially with any package that is somehow related to security it would be comforting to be assured that at least some people take the trouble to have a look at it. The fact that without any changes it still works after all these years would not be enough for something like a CA.

So what to do about it? Move to something else or get it properly maintained.

hw

__________________________________________________ ____________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-10-2011, 11:00 AM
Tim
 
Default package (tinyca2) not longer present in F15, what to do about it?

On Wed, 2011-08-10 at 11:10 +0200, J.Witvliet@mindef.nl wrote:
> Specially with any package that is somehow related to security it
> would be comforting to be assured that at least some people take the
> trouble to have a look at it. The fact that without any changes it
> still works after all these years would not be enough for something
> like a CA.

Obvious question: Have there been any bug reports for it, or no real
complaints? (I mean faults, not reports about lack of new versions.)


--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-10-2011, 11:49 AM
Patrick O'Callaghan
 
Default package (tinyca2) not longer present in F15, what to do about it?

On Wed, 2011-08-10 at 20:30 +0930, Tim wrote:
> On Wed, 2011-08-10 at 11:10 +0200, J.Witvliet@mindef.nl wrote:
> > Specially with any package that is somehow related to security it
> > would be comforting to be assured that at least some people take the
> > trouble to have a look at it. The fact that without any changes it
> > still works after all these years would not be enough for something
> > like a CA.
>
> Obvious question: Have there been any bug reports for it, or no real
> complaints? (I mean faults, not reports about lack of new versions.)

Obvious answer: if there haven't been, does that mean that there are no
bugs or that not enough people are testing it? Testing security software
is not for the faint of heart and very often the failure mode is to look
like everything is working when in fact it's leaking information.

And if there were bugs, who would fix them?

poc

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 12:05 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org