Charles Plessy dijo [Tue, Dec 09, 2008 at 08:48:34AM +0900]: > seecurity is of course important, but as I was told during the last DPL > debate, > it is possible to opt out support from the security team, which is only for > Stable anyway. > > Buffer overflows are not the same issues when viewing downloaded PDFs from > anywhere compared to viewing molecules which structure is downloaded from a > curated databank or from a local structural biology facility. Why not keeping > in Debian a package that helps people to compile software that is useful and > is > not broken? It does not cost manpower to Debian: nobody in this thread has > asked for security support, and Morten has proposed to releive the GNOME team > from the burden.
Agree on this - But the moment you are providing a library (and specially a library that was hugely popular in the past), you are opening the door to all kinds of applications to use it. Yes, I can code up a perfectly secure Gtk1.2 app that interacts only with me, but having a stale library in our pool makes people be creative about it... Or makes people ITP an old, abandoned but great tool not once updated since 1999. > As for scientific software, nobody will find the time or the money to upgrade > from GTK1.2 to GTK2 only for the beauty of it. People are rewarded on their > new > developments, not on code maintainance. Agree. But people might willing to invest some energy into porting their eight year old applications so they run on any modern-day distribution. And if they are sure their application runs with closed, secure data, and if the application is production-quality and does not need to be touched... Well, you can perfectly keep a cluster of Woody machines for a long time! -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
