On 08/04/2010 01:49 PM, Alexander Reichle-Schmehl wrote:
Hi!
* Nico Golde<n...@debian.org> [100731 17:59]:
PS: I would use some debconf time to improve the situation so
that users will not have security problem after we remove
the packages.
Again, see the NMU I prepared for lxr-cvs, it should be fine. For lxr I think
there is hardly much todo apart from upgrading to the current upstream version
which you haven't done for quite a long. Thus the removal request. If that
changes now fine, then I see no reason to remove it.
So, any comments, Giacomo? I must say, that I tend to agree with Nico
here, and therefore tend to remove the package soonish unless you show some
activity or at least give comment.
It is a difficult question:
- I really think that lxr has less problem than lxr-cvs
- both upstreams are not very active in publishing the tarball
(and debian is doing most of security support)
- lxr-cvs has released many unusable versions (buggy in
core functionality, see e.g. the lasts versions)
- I don't find real alternative in debian (let see
where sources.d.n will go)
- but OTOH I don't think is is so useful to have it in Debian:
they are web application that need many customization,
so IMHO for them it is better to work in a VCS branch
than a package
- I think there are very few true installation of debian
packages (and IMHO the security problems are found
testing the online mozilla lxr).
So let's remove the two packages.
cate
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
