On 6/5/16 8:02 PM, Patrice Clement wrote: > Sunday 05 Jun 2016 19:39:26, Yury German wrote : >> app-text/htmltidy currently has no maintainers. It has a vulnerability >> [Security Bug] filed against it. And a number of other [package depend >> on it]. Is nyone willing to pick it up? >> >> [Secuity Bug] >> https://bugs.gentoo.org/show_bug.cgi?id=561452 >> >> [package depend on it] >> https://qa-reports.gentoo.org/output/genrdeps/dindex/app-text/htmltidy >> https://qa-reports.gentoo.org/output/genrdeps/rindex/app-text/htmltidy
> Don't bother. Have a look at [1], [2] & [3] to find out why. > > tl;dr > > htmltidy has got to be culled at some point since it's now considered obsolete > after tidy-html5 entered the tree a little while ago. It's roughly the same > codebase yet it's HTML 5 compliant. Yay! > > I've been maintaining the latter since its inclusion in the Portage tree but > would definitely need help to remove the former. I didn't swap htmltidy for > tidy-html5 cause they're two different projects. As you can see from the links > above, htmltidy has a gazillion deps. > > [1]: http://tidy.sourceforge.net/ > [2]: http://www.html-tidy.org/ > [3]: https://github.com/htacg/tidy-html5 > This is all agreed, but unless someone is driving this it will never get removed from tree. The security patch is one thing, but cleaning it up and switching to tidy-html5 is why we need a maintainer so that we can get rid of the dependencies otherwise it will sit there unsecured for the next 5 years.
signature.asc
Description: OpenPGP digital signature
