# Intent to remove libxaw6 from Debian [security issues]

Dear Debian Developers,

the X Strike Force intends to remove libxaw6 from the archive.

The reason is explained in bug #172890.  In short, libxaw6 has a
security flaw where it displays passwords in plain text.

The flaw is fixed in libxaw7.  All packages in Debian now use libxaw7
rather than libxaw6.  We therefore consider it prudent to remove libxaw6
from the archive to avert any possible future misuses.

This has the potential to impact on any third party packages which use
libxaw6.  We don't believe this should annul the package's removal
however, because
a) these packages should be rebuilt against libxaw7 anyway, and
b) libxaw6 can still be taken from etch if really needed.

The LSB does not specify any requirements for libxaw (v7 or otherwise).

Please let us know (by replying to bug #172890) if you have any
objections or can otherwise present an argument in favour of keeping
libxaw6.

Otherwise, we will remove it in a week or so.

Drew Parsons
\hat{XSF}



Attachment: signature.asc
Description: This is a digitally signed message part