* Neil Williams [Sun, 08 Jul 2007 16:01:54 +0100]: > $ apt-cache rdepends libgtk1.2 | grep -c -v "^lib" > 316
> I'm not sure Debian needs to throw out over 300 applications before > Lenny. True, most of those are dead upstream - AFAICT GnuCash was the > last active upstream to make it to gtk2 - but although these packages > use old libraries that have an undoubted *potential* for security > problems, in the absence of actual bug reports is it really worth > dropping so many packages? (The following paragraphs are not referred to GTK+1.2 applications in particular.) I don't see what's wrong with making a bit of cleaning in our distribution, so that what new users see available does not include software for which they have no chance to get bug fixed, and for which security issues get noticed and fixed, etc. In a nutshell, dropping a package means: "hey, user, we *don't* think it's worth your time installing this package to see if it fits your needs, please look elsewhere". (Which is not the same as "this package has no upstream", btw.) But in any case, users of dropped packages are free to kept them installed on their systems, together with all necessary libraries. And since our upgrade process allows that, I don't see why we should refrain from doing housekeeping in our archive. And heck, if a user knows that a certain dropped, seven year old application is exactly what they need, they can grab it from the previous distribution and install it. Chances are that it'll install without problems (together with dependencies, of course). Sure, it's not straightforward, but it'll also not be the common case. My 2¢. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Arguing with an engineer is like wrestling with a pig in mud: after a while, you realize the pig is enjoying it.
