
Re: Packages still depending on GTK+ 1.2



Charles Plessy said [Tue, Dec 09, 2008 at 08:48:34AM +0900]:
> Security is of course important, but as I was told during the last DPL debate,
> it is possible to opt out support from the security team, which is only for
> Stable anyway. 
> 
> Buffer overflows are not the same issues when viewing downloaded PDFs from
> anywhere compared to viewing molecules whose structure is downloaded from a
> curated databank or from a local structural biology facility. Why not keep
> in Debian a package that helps people to compile software that is useful and is
> not broken? It does not cost manpower to Debian: nobody in this thread has
> asked for security support, and Morten has proposed to relieve the GNOME team
> from the burden.

Agree on this - But the moment you are providing a library (and
especially a library that was hugely popular in the past), you are
opening the door to all kinds of applications to use it. Yes, I can
code up a perfectly secure Gtk1.2 app that interacts only with me, but
having a stale library in our pool makes people be creative about
it... Or makes people ITP an old, abandoned but great tool not once
updated since 1999.

> As for scientific software, nobody will find the time or the money to upgrade
> from GTK1.2 to GTK2 only for the beauty of it. People are rewarded on their new
> developments, not on code maintenance.

Agree. But people might be willing to invest some energy into porting
their eight year old applications so they run on any modern-day
distribution. And if they are sure their application runs with closed,
secure data, and if the application is production-quality and does not
need to be touched... Well, you can perfectly keep a cluster of Woody
machines for a long time!

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

