Hi, IMHO, this discussion went well out of proportions... On 23/03/14 18:47, Michael Gilbert wrote:
Embedded libraries are almost always to be avoided due to numerous reasons listed in the Debian security documentation.
Right, but these reasons are inapplicable when the external library is removed from the debian archive and as such, is literally inexistent for debian users. From this point on, t1lib is a part of the grace package. Its sources should be treated exactly like the rest of C files under the grace-x.y.z directory.
You can make the change to internal t1lib, but you should expect an RC bug and removal from testing after some time.
Why then? I mean, anything may happen, but how is this related to the _current_ motion to remove the _t1lib_ package?
That may be a compromise solution. You get to keep grace in unstable, and advanced users that need it can figure out how to fetch it there, and at the same time, the deprecated library is kept out of testing and stable.
The deprecated library is kept out of testing and stable by removing _its_ _own_ package. It is not installed in /usr/[lib,include]. Just linked statically in a single executable.
Best, Evgeny