On Mon, Jan 14, 2008 at 12:59:34PM -0800, Jack T Mudge III wrote: > It seems to me that removing old packages just because they are old misses an > important point: There are people who use them. Perhaps warning them that the > packages are ancient and may be dangerous to their health is a good thing. > Removing xview or similar small, insignificant (to debian, not to the users > necessarily), and old packages doesn't seem like it'd do much good. It would, > however, annoy the users who DO still use them.
xview is not "just" old; it's old, no longer developed, and cannot be ported to any recent 64-bit systems. The last new upstream version, according to the Debian changelog, was over a decade ago; the last upload of the package prior to the sarge release, 3.2p1.4-19, included a security fix, and it is reasonably likely that there have been no new security fixes since then only because people have stopped caring about this code. (The state of the art for security exploits has advanced sufficiently over time that even the best of code written in 1997 stands a middling chance of being vulnerable in one or more ways that the author had never conceived of.) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
