Hi Eric, > Given that automake 1.9.6 has a security vulnerability, and that > automake 1.10/autoconf 2.62 have been out for some time now, is it time > to consider upgrading our DEPENDENCIES and dropping support for these > older tool versions?
I think for deciding this one needs to look at the versions that are packaged with the "stable" versions of the common Linux distros. - Ubuntu, ... - RHEL, stable version = 5.5 [1], released just 6 months ago. Taking a look at ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ it appears that it is shipped with automake 1.9.6. - ... - Slackware, stable version = 13.1 [2], it is shipped with automake 1.11.1 [3]. So, as long as RHEL 5 is common and still shipping with automake 1.9.6, I would not like to drop support for it in gnulib. Bruno [1] http://en.wikipedia.org/wiki/RHEL [2] http://en.wikipedia.org/wiki/Slackware [3] http://www.slackware.com/releasenotes/packages13.1.php
