Package: wnpp Severity: normal [ cc: to debian-devel; maybe we need some discussion about this... ] I've had enough of netpbm - it's a big package that takes far too much effort for me to keep up with it. Upstream source is a mix of non-free and free software, and even the free software has such a wide range of licenses that the package needs its licenses auditing with every new release. In addition to this mess, the latest major revision (version 10) does not even contain the man pages: "Netpbm's maintainer believes man pages are obsolete and too limiting." The random mix of binaries in netpbm have no consistent interface and no consistency in their code, so I would fully expect it to have lots of dangerous bugs, including (but not limited to) temporary file races and buffer overflows. I realise that I may have just put off anybody who might have taken netpbm, but I wouldn't want to see people pick it up expecting an easy job. We might even be better off dropping the whole package completely, but for the fact that it has quite a lot of dependents. -- Steve McIntyre, Cambridge, UK. steve@einval.com "It's actually quite entertaining to watch ag129 prop his foot up on the desk so he can get a better aim." [ seen in ucam.chat ]
Attachment:
pgpk5dIyblLsN.pgp
Description: PGP signature