Re: Bug#1000000: fixed in phast 1.6+dfsg-2
On Thu, Nov 18, 2021 at 05:12:10PM +0100, Sebastiaan Couwenberg wrote:
>...
> For the Debian package you could drop use_debian_packaged_libpcre.patch and
> use the embedded copy to not block the prce3 removal in Debian.
As a general comment, this would be a lot worse than keeping pcre3.
If any copy of this library should be used at all in bookworm,
it should be provided by src:pcre3.
Switching from src:pcre3 to an older vendored copy would likely create
additional security vulnerabilities for our users,[1] even with only one
user in bookworm shipping it security supportable in src:pcre3 would be
better than hiding vulnerabilities through vendoring.
> Kind Regards,
>
> Bas
cu
Adrian
[1] https://security-tracker.debian.org/tracker/source-package/pcre3
Reply to: