-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-14 11:04, Johannes Meixner wrote:
What is your ultimate goal?
If it is security, I think it does not really matter whether or not an insecure package is installed by default. I.e. when an insecure package is not installed by default but when it is provided by openSUSE to be installable, then maintenance updates for security issues are needed.
If security in future openSUSE releases should be improved the insecure package would have to be completely dropped from future openSUSE releases (as far as I know).
You are absolutely right... However, then users would have to get the package from somewhere else, and we would not update it as soon as possible, but when somebody or something tells us that maybe there is an update. Like FF refusing to run it. It is better, in that sense, that updates, insufficient as they may be, are provided by the usual automatic (for users) channels. Safer for us, users :-) Thus, thank you for providing the updates :-) - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWk6ogACgkQja8UbcUWM1yjugD6A5Qqf2+txq03oM/P3AAciXdT n6OQpIed9W6HZAWerYwA/if6ylq9h/YHdM5IeJZXIwTLZBcLX9lYQsVVxSfrJ+es =mEET -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org