On Fri, Apr 24, 2015 at 12:40:25PM -0400, Scott Kitterman wrote:
> On Friday, April 24, 2015 09:03:53 AM Arturo Borrero Gonzalez wrote:
> > Package: ftp.debian.org
> > Severity: normal
> >
> > Hi,
> >
> > upstream ships suricata with libhtp (same tarball). There are some bugs in
> > libhtp not so easy to handle, and libhtp has no rev-depends apart of
> > suricata.
> >
> > Please, remove libthp from Debian. We will see in the future if it's
> > worth packaging it.
>
> Policy says libraries should be packaged separately and not bundled. What
> makes libthp such a special snowflake we should ignore that? What is hard
> about libthp that's not hard if it's an embedded copy?
Let's proceed with the removal for now. The version in the archive is
unmaintained
and has open vulnerabilities.
Cheers,
Moritz
