Why delete KDE3 ports?
Raphael Kubo da Costa
rakuco at FreeBSD.org
Tue Jan 8 22:59:32 UTC 2013
John Marino <freebsdml at marino.st> writes:
> On 1/8/2013 21:14, Raphael Kubo da Costa wrote:
>> Additionally, I'd argue that it is hard for it to be "known insecure"
>> since upstream does not maintain it even for security vulnerabilities
>> anymore, so security problems have nowhere to be reported and
>> vulnerabilities common to KDE3 and KDE4 only get published and fixed in
>> the latter.
>
> This doesn't count?
> http://cve.mitre.org/cve/
> http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
>
> It seems to be there is somewhere to report them...
The vulnerabilities disclosed in those places are normally published
after upstream has been contacted and come up with a fix for the
security issue, so I don't think the lack of new KDE3 advisories
compared to KDE4 ones means the former is safer.
More information about the freebsd-ports
mailing list