On Mon, Jan 14, 2008 at 12:59:34PM -0800, Jack T Mudge III wrote:
It seems to me that removing old packages just because they are old misses an
important point: There are people who use them. Perhaps warning them that the
packages are ancient and may be dangerous to their health is a good thing.
Removing xview or similar small, insignificant (to debian, not to the users
necessarily), and old packages doesn't seem like it'd do much good. It would,
however, annoy the users who DO still use them.
xview is not "just" old; it's old, no longer developed, and cannot be ported
to any recent 64-bit systems. The last new upstream version, according to
the Debian changelog, was over a decade ago; the last upload of the package
prior to the sarge release, 3.2p1.4-19, included a security fix, and it is
reasonably likely that there have been no new security fixes since then only
because people have stopped caring about this code. (The state of the art
for security exploits has advanced sufficiently over time that even the best
of code written in 1997 stands a middling chance of being vulnerable in one
or more ways that the author had never conceived of.)