[CentOS] CROSS-LIST Notice: Changes in EPEL

Jim Perrin jperrin at centos.org
Wed Nov 5 12:01:25 UTC 2014



On 11/05/2014 01:04 AM, Michael Schumacher wrote:
> Hi,
> 
> Tuesday, November 4, 2014, 1:43:50 PM, you wrote:
> 
>> TL;DR: There are a large number of orphaned/unmaintained packages in
>> EPEL across the 5, 6, and 7 trees. These packages will be removed from
>> EPEL unless they are picked up by a packager. Packages that *depend* on
>> an orphaned package will be removed as well to ensure repo-closure.
> 
> sorry for being so ignorant. I try to figure out what impact that has
> on a running system. I expect that this package cannot be updated from
> now on, but I hope that nothing catastrophic for an existing
> installation happens.
> 
> Is that assumption correct?

As far as package installation goes, Jake outlined most things quite
well. What's being ignored is that this depends on the package. These
packages aren't maintained, so no one is checking them to see if there
are security issues associated with them. If what you have installed is
a service or application that is exposed to the outside world, then you
have the possibility for exploit in the older, unmaintained version.

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
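
The triage the reply above implies, as an added example that is not part of the original message or of any CentOS/EPEL tooling: given a list of orphaned package names and a list of which package owns each listening socket, report the orphaned packages that listen beyond loopback. The package names, addresses and the tab-separated input format are constructed assumptions; on a live host the listener pairs would come from resolving each listening process's executable path with `rpm -qf`.

```shell
#!/bin/sh
# Added example: find installed packages that are on an orphan list AND own a
# listener reachable from outside the host. All sample data is constructed.

# Constructed orphan list (placeholder names, not taken from the EPEL notice).
sample_orphans() {
  cat <<'EOF'
example-daemon
example-lib
EOF
}

# Constructed "package<TAB>local-address:port" pairs, one per listening socket.
sample_listeners() {
  printf '%s\t%s\n' \
    'openssh-server' '0.0.0.0:22' \
    'example-daemon' '0.0.0.0:8080' \
    'example-daemon' '127.0.0.1:8081' \
    'example-cache'  '[::]:11211'
}

# exposed_orphans ORPHAN_FILE LISTENER_FILE
# Prints "package address" for each orphaned package bound beyond loopback.
exposed_orphans() {
  awk -F'\t' '
    NR == FNR { if ($1 != "") orphan[$1] = 1; next }  # first file: orphan names
    !($1 in orphan)          { next }                 # package still maintained
    $2 ~ /^(127\.|\[::1\])/  { next }                 # loopback-only listener
    { print $1, $2 }                                  # unmaintained and exposed
  ' "$1" "$2"
}

# Demo run on the constructed data; prints the one exposed orphan.
demo() {
  dir=$(mktemp -d) || return 1
  sample_orphans   > "$dir/orphans"
  sample_listeners > "$dir/listeners"
  exposed_orphans "$dir/orphans" "$dir/listeners"
  rm -rf "$dir"
}

demo
```

Packages reported here are the ones to replace, rebuild from a maintained source, or restrict at the firewall first; orphaned packages with only loopback listeners or no listeners at all are lower priority.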


