
Re: Bug#638760: Removal of grace, pygrace and expeyes



On Sun, Mar 23, 2014 at 10:02 AM, Michael Banck wrote:
> Hi,
>
> This is my summary, see below for specific replies to specific points:
>
> 1. Grace is not unmaintained, it is maintained in Debian by Nicholas
> Breen.  It also is not abandoned upstream, its latest stable release
> being from late 2012.
>
> 2. As t1lib is superseded and unmaintained, it should be removed from
> Debian as a library package.
>
> 3. As grace is a useful application, it should remain in Debian.  To
> this end, with respect to point #2 above, it could start to use the
> internal copy of t1lib instead of the external package.
>
> 4. As soon as grace is switched to the internal copy, t1lib becomes a
> convenience library of grace, similar to thousands of other convenience
> libraries in Debian packages.  In particular, security concerns should be
> less pronounced, as grace does not (TTBOMK) run as root, nor does it
> listen on the network.  Basically, the security concerns should be
> similar to any other piece of C/C++ code in any other graphical
> application.

Embedded libraries are almost always to be avoided due to numerous
reasons listed in the Debian security documentation.

You can make the change to internal t1lib, but you should expect an RC
bug and removal from testing after some time.

That may be a compromise solution.  You get to keep grace in unstable,
and advanced users that need it can figure out how to fetch it there,
and at the same time, the deprecated library is kept out of testing
and stable.

Best wishes,
Mike

