On Mon, Feb 1, 2010 at 00:51:43 -0500, Daniel Kahn Gillmor wrote: > here is a revised patch for #511582 for opie, including a slightly > simpler fix for misaligned XORs and also fixing a lintian error and > several lintian warnings. > > However, it still does not resolve the licensing concerns described on > this bug, and it also leaves several lintian warnings unresolved: > > W: opie source: package-uses-deprecated-debhelper-compat-version 3 > W: opie source: debian-rules-sets-DH_COMPAT line 5 > W: opie source: ancient-standards-version 3.6.1.0 (current is 3.8.3) > W: opie-server: non-standard-file-perm etc/opiekeys 0600 != 0644 > W: opie-server: setuid-binary usr/bin/opiepasswd 4755 root/root > > In particular, i'm concerned that this package has a setuid binary, has > had only NMUs since 2004, hasn't been reviewed for recent Standards or > debhelper versions, and http://bugs.debian.org/511582#30 suggests that > the maintainer seems to think that we should move away from the codebase. > > I'm wondering if we should remove the package from the archive entirely > as a result of this review. I'm not comfortable NMUing a package with > these outstanding concerns. > In order to remove the package, we'd have to remove its reverse dependencies, or change them to not need libopie-dev. According to dak, that would be cyrus-sasl2, inetutils and libpam-opie. Is opie an optional dependency for those packages (I'm guessing not for libpam-opie, no idea for the others)?
Cheers, Julien
signature.asc
Description: Digital signature
