
Re: Packages still depending on GTK+ 1.2



On Tue, Dec 09, 2008 at 08:48:34AM +0900, Charles Plessy wrote:
> On Mon, Dec 08, 2008 at 04:25:56PM -0600, Gunnar Wolf wrote:
> > All sorts of programming practices
> > that have become obsoleted (or outright shown to be dangerous) over
> > the years. As an example - Around ten years ago few people would have
> > thought about the security implications of an integer overflow or
> > format string attacks.
> 
> Hi all,
> 
> security is of course important, but as I was told during the last DPL debate,
> it is possible to opt out support from the security team, which is only for
> Stable anyway. 
> 
> Buffer overflows are not the same issues when viewing downloaded PDFs from
> anywhere compared to viewing molecules whose structure is downloaded from a
> curated databank or from a local structural biology facility. Why not keep
> in Debian a package that helps people to compile software that is useful and is
> not broken? It does not cost manpower to Debian: nobody in this thread has
> asked for security support, and Morten has proposed to relieve the GNOME team
> from the burden.

Keeping your name as Maintainer in debian/control is not maintaining. If
all that is going to happen to the package is that (and I'm pretty sure
it would), having people who need gtk1.2 take it from oldstable is
exactly the same: no security support, no change to the package, and no
maintenance burden. It has the added value that people can know all that
by the fact it is in oldstable and not in stable anymore.

Why are people so unwilling to use oldstable? It happened to me to have
to use a package from it for an old proprietary crap using a bitrot
libstdc++, but I don't expect the package I took there to be in stable,
let alone unstable.

Mike

