Re: Bug#1000000: fixed in phast 1.6+dfsg-2

To: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Cc: 1000000@bugs.debian.org, Andreas Tille <tille@debian.org>, Matthew Vernon <matthew@debian.org>, debian-devel@lists.debian.org
Subject: Re: Bug#1000000: fixed in phast 1.6+dfsg-2
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 18 Nov 2021 23:12:12 +0200
Message-id: <[🔎] 20211118211212.GA22735@localhost>
In-reply-to: <534c30cc-b063-ab9e-9c3a-702ad024d9b3@xs4all.nl>
References: <E1mniar-00046W-VM@fasolo.debian.org> <E1mniar-00046W-VM@fasolo.debian.org> <534c30cc-b063-ab9e-9c3a-702ad024d9b3@xs4all.nl>

On Thu, Nov 18, 2021 at 05:12:10PM +0100, Sebastiaan Couwenberg wrote:
>...
> For the Debian package you could drop use_debian_packaged_libpcre.patch and
> use the embedded copy to not block the prce3 removal in Debian.

As a general comment, this would be a lot worse than keeping pcre3.

If any copy of this library should be used at all in bookworm,
it should be provided by src:pcre3.

Switching from src:pcre3 to an older vendored copy would likely create 
additional security vulnerabilities for our users,[1] even with only one 
user in bookworm shipping it security supportable in src:pcre3 would be 
better than hiding vulnerabilities through vendoring.

> Kind Regards,
> 
> Bas

cu
Adrian

[1] https://security-tracker.debian.org/tracker/source-package/pcre3

Reply to:

Follow-Ups:
- Re: Bug#1000000: fixed in phast 1.6+dfsg-2
  - From: Andreas Tille <tille@debian.org>
- Re: Bug#1000000: fixed in phast 1.6+dfsg-2
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: merged-/usr transition: debconf or not?
Next by Date: Re: merged-/usr transition: debconf or not?
Previous by thread: Bug#1000166: ITP: qt6-webengine -- Qt 6 WebEngine module
Next by thread: Re: Bug#1000000: fixed in phast 1.6+dfsg-2
Index(es):
- Date
- Thread