Bug#637040: RM: t1lib/5.1.2-3

[Julien Cristau <jcristau@debian.org>]

tag 637040 moreinfo
kthxbye

On Sun, Aug  7, 2011 at 20:36:04 -0400, Michael Gilbert wrote:

> t1lib has a significant set of security vulnerablities [0] and there
> is no sign of them ever getting fixed with upstream missing in action
> for over three years now.  Because of these issues, xpdf for example
> has dropped support for it in favor of freetype2 [1].  poppler did 
> this a long time ago as well.
> 
> There are a few reverse dependencies, which could also be updated to
> use freetype instead.  These include:
>   
>   php5 (php5-gd binary package)
>   xdvik-ja
>   vflib3
>   matita
>   libimager-perl
>   lablgtkmathview
>   grace
>   evince (libevince3 binary package)
>   dvipng
> 
> I would recommend removing t1lib from the archive.  If the release
> team concurs with this, I will file serious bugs against the
> reverse dependencies.
> 
> Once that's done and everyone is in concurrance, I'll send a
> message to the ftp masters for removal.
> 
As said on irc, filing (non-RC for now) bugs against the reverse
dependencies and providing patches as much as possible should happen
prior to any removal.  Tagging moreinfo for now.

Cheers,
Julien