Removing zoo from Fedora Extras
nicolas.mailhot at laposte.net
Sat Jul 1 11:56:30 UTC 2006
I'm going to ask the removal of the zoo archiver suite from Fedora
Extras repositories. The existing zoo codebase is potentially insecure,
and there is no one to audit it and coordinate fixes. This unfortunate
situation haven't changed since the last CERT alerts, and the rushed
fixes we used then.
As far as I know zoo was never used in Fedora except as a pluggin in
mail filters to uncompress zoo attachements and scan them. Needless to
say the last thing you want when processing external uncontrolled input
is old crufty orphaned unaudited code.
If you need zoo for something please ping me and I'll give over
maintainership to you. But please remember accepting the maintainership
now implies doing the security audit zoo sorely needs, as I don't see
how the package could be kept in Fedora repositories otherwise.
If no one objects I'll go on with the orphaning and request for
repository removal tomorrow evening (CET time)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
More information about the Fedora-maintainers