Package: wnpp
Severity: normal
(Please don't file other ITR bugs, I'm trying to gauge how our existing
infrastructure (PTS, wnpp-alert, etc) handles a new type of wnpp bug. And
more importantly, let's see how _people_ handle this concept.)
I propose removal of "gnats", the old GNU bug tracking system. While it's
not completely unused (popcon of gnats-user/gnats inst 17/12, vote 11/8),
the Debian QA-maintenance is so inadequate that the last bump of .orig was
in 2005. Thus, I believe that users would be better served using the
files from upstream directly. Or, preferably, not at all -- during those 13
years there was only 1 (one) release, and the amount of activity, and
commits (in CVS!) suggests that gnats is hardly on life support anymore.
For something like a bug tracker that inherently processed untrusted input,
I believe the lack of CVEs in due to no one bothering to look rather than
the code being actually secure.
Thus, unless someone objects in the next ${amount of time determined in the
d-devel thread}, I'll reassign this as a RoQA.
This removal would also allow retiring one of hard-coded uids from
/etc/passwd that's currently present on every Debian system.
The package description is:
GNATS is a bug-tracking tool designed for use at a central "Support
Site". Users who experience problems use electronic mail to
communicate these problems to "maintainers" at that Support Site.
.
GNATS offers many of the same features offered by more generalized
databases, including editing, querying, and basic reporting. You can
access the submitting, editing, and querying functions of GNATS
through provided utilities or from within GNU Emacs.
.
The "gnats" package has the full installation for the central database
server. For client systems, use the "gnats-user" package which has just
the user tools.
