On Thu, 2 Jun 2011 01:26:30 +0400, Ilya Chernykh <anixxsus@gmail.com> wrote:
To get a security fix there should not be just maintainers, but programmers, not just programmers, but hi-class programmers.
I for instance know one issue in ksquirrel libs http://secunia.com/secunia_research/2008-63/ . This issue can currently be automatically detected by post-build-checks of OBS, thus the package can only be built with the checks disabled.
Well, the fix for this issue is pretty trivial, a possible fix is attached. No hi-class programmer needed.
As the issue is not fixed so far, one can just choose not to include ksquirrel-libs in openSUSE, it is not a very important package.
More relevant is that the package is obviously abandoned by upstream (otherwise they would have fixed that trivial bug which even the compiler can find, no security expert needed) and thus it's a good idea to not include it anymore.
--
Stefan Seyfried
"Dispatch war rocket Ajax to bring back his body!"