[CentOS] CROSS-LIST Notice: Changes in EPEL

Wed Nov 5 12:01:25 UTC 2014
Jim Perrin <jperrin at centos.org>


On 11/05/2014 01:04 AM, Michael Schumacher wrote:
> Hi,
> 
> Tuesday, November 4, 2014, 1:43:50 PM, you wrote:
> 
>> TL;DR: There are a large number of orphaned/unmaintained packages in
>> EPEL across the 5, 6, and 7 trees. These packages will be removed from
>> EPEL unless they are picked up by a packager. Packages that *depend* on
>> an orphaned package will be removed as well to ensure repo-closure.
> 
> Sorry for being so ignorant. I try to figure out what impact that has
> on a running system. I expect that this package cannot be updated from
> now on, but I hope that nothing catastrophic for an existing
> installation happens.
> 
> Is that assumption correct?

As far as package installation goes, Jake outlined most things quite
well. What's being ignored is that this depends on the package. These
packages aren't maintained, so no one is checking them to see if there
are security issues associated with them. If what you have installed is
a service or application that is exposed to the outside world, then you
have the possibility for exploit in the older, unmaintained version.

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77