[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Removing zoo from Fedora Extras



Hi,

I'm going to ask the removal of the zoo archiver suite from Fedora
Extras repositories. The existing zoo codebase is potentially insecure,
and there is no one to audit it and coordinate fixes. This unfortunate
situation haven't changed since the last CERT alerts, and the rushed
fixes we used then.

As far as I know zoo was never used in Fedora except as a pluggin in
mail filters to uncompress zoo attachements and scan them. Needless to
say the last thing you want when processing external uncontrolled input
is old crufty orphaned unaudited code.

If you need zoo for something please ping me and I'll give over
maintainership to you. But please remember accepting the maintainership
now implies doing the security audit zoo sorely needs, as I don't see
how the package could be kept in Fedora repositories otherwise.

If no one objects I'll go on with the orphaning and request for
repository removal tomorrow evening (CET time)

Regards,

-- 
Nicolas Mailhot

Attachment: signature.asc
Description: Ceci est une partie de message numériquement signée


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]