Announcement

**Luke_Wolf** · 08 August 2018, 05:21 AM

Well I guess they had to drop X.org sometime.

**Apokalypz** · 08 August 2018, 06:04 AM

What's a Linux distro without the Linux kernel? Yea, you know what I'm implying.

**Anvil** · 08 August 2018, 06:21 AM

an yet Fedora still keeps security riddled Gstreamer releases in there repo but yet talk about doing this? i'll believe it when i see it actually done. , as much as i dont like Trump, maybe Fedora should get Trump to get rid of them? he aint done a bad job of getting rid of other shit

**duby229** · 08 August 2018, 07:18 AM

Oh good, how soon do they plan to remove Gnome Shell then? Or xorg? Or mono? Or -every- web browser?

EDIT: The point I'm making is that they just made a blanket statement that they cannot possibly achieve, or else they would not have functional repository.

**cen1** · 08 August 2018, 07:46 AM

How about you let me install whatever I want and as much as I want? Fedora needs more packages, not less.

**chithanh** · 08 August 2018, 08:01 AM

Originally posted by duby229 View Post

Or -every- web browser?

When Fedora drops Chromium (new high-severity security bugs are found in each release), I guess they can also throw out the bundled software exception which was introduced specifically for that browser. Making their users more secure in the process.

**RahulSundaram** · 08 August 2018, 08:54 AM

Originally posted by duby229 View Post

Oh good, how soon do they plan to remove Gnome Shell then? Or xorg? Or mono? Or -every- web browser?

EDIT: The point I'm making is that they just made a blanket statement that they cannot possibly achieve, or else they would not have functional repository.

That doesn't make much sense. You cannot read every proposal made to the project as a statement by the project. Anyone is allowed to file a ticket with a proposal at any time.

**Weasel** · 08 August 2018, 09:06 AM

Originally posted by RahulSundaram View Post

That doesn't make much sense. You cannot read every proposal made to the project as a statement by the project. Anyone is allowed to file a ticket with a proposal at any time.

Well most people think open source projects are a hive mind. Unfortunately, this includes Michael in many cases, or maybe he just does it for clickbaits (can't blame him there, he needs that ad revenue).

**cybertraveler** · 08 August 2018, 10:04 AM

I think it would be better for their users to keep the vulnerable packages, but inform the users of current and historical vulnerabilities. This means the user still has the choice.

Their software centre program could provide this information.

For command line packages they could encode an extra field in the package labelled something like 'vulnerable'. If it is true, it would require the user to interactively confirm installation (having seen a warning) or non-interactively pass in a switch like '--allow-vulnerable-packages'.

Announcement

Fedora Might Start Dropping Packages With Consistently Bad Security Records

Fedora Might Start Dropping Packages With Consistently Bad Security Records

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment