
Re: Bug#638760: Removal of grace, pygrace and expeyes



Hi,

On Sun, Mar 23, 2014 at 12:47:18PM -0400, Michael Gilbert wrote:
> On Sun, Mar 23, 2014 at 10:02 AM, Michael Banck wrote:
> > This is my summary, see below for specific replies to specific points:
> >
> > 1. Grace is not unmaintained, it is maintained in Debian by Nicholas
> > Breen.  It also is not abandoned upstream, its latest stable release
> > being from late 2012.
> >
> > 2. As t1lib is superseded and unmaintained, it should be removed from
> > Debian as a library package.
> >
> > 3. As grace is a useful application, it should remain in Debian.  To
> > this end, with respect to point #2 above, it could start to use the
> > internal copy of t1lib instead of the external package.
> >
> > 4. As soon as grace is switched to the internal copy, t1lib becomes a
> > convenience library of grace, similar to thousands of other convenience
> > libraries in Debian packages.  In particular, security concerns should be
> > less pronounced, as grace does not (TTBOMK) run as root, nor does it
> > listen on the network.  Basically, the security concerns should be
> > similar to any other piece of C/C++ code in any other graphical
> > application.
> 
> Embedded libraries are almost always to be avoided due to numerous
> reasons listed in the Debian security documentation.

Please explain how this is different to any other convenience library?

As soon as the t1lib library package is removed from Debian, it is not
an embedded library anymore, just some code.  It probably makes sense to
link it statically then.
 
> You can make the change to internal t1lib, but you should expect an RC
> bug and removal from testing after some time.

Whether or not that situation is RC (I don't think it would be) would be
up to the release team or ultimately the tech-ctte I guess.
 
> That may be a compromise solution.  You get to keep grace in unstable,
> and advanced users that need it can figure out how to fetch it there,
> and at the same time, the deprecated library is kept out of testing
> and stable.

I don't see a reason not to ship it in jessie.


Michael

