On 08/04/2010 01:49 PM, Alexander Reichle-Schmehl wrote:
Hi!

* Nico Golde<n...@debian.org>  [100731 17:59]:

PS: I would use some debconf time to improve the situation so
that users will not have security problem after we remove
the packages.
Again, see the NMU I prepared for lxr-cvs, it should be fine. For lxr I think
there is hardly much todo apart from upgrading to the current upstream version
which you haven't done for quite a long. Thus the removal request. If that
changes now fine, then I see no reason to remove it.

So, any comments, Giacomo?  I must say, that I tend to agree with Nico
here, and therefore tend to remove the package soonish unless you show some
activity or at least give comment.

It is a difficult question:
- I really think that lxr has less problem than lxr-cvs
- both upstreams are not very active in publishing the tarball
  (and debian is doing most of security support)
- lxr-cvs has released many unusable versions (buggy in
  core functionality, see e.g. the lasts versions)
- I don't find real alternative in debian (let see
  where sources.d.n will go)
- but OTOH I don't think is is so useful to have it in Debian:
  they are web application that need many customization,
  so IMHO for them it is better to work in a VCS branch
  than a package
- I think there are very few true installation of debian
  packages (and IMHO the security problems are found
  testing the online mozilla lxr).

So let's remove the two packages.

        cate



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to