Hi Michael,
On Mon Jan 12, 2026 at 3:25 PM GMT, Michael Biebl wrote:
Where do you expect that security fixes come from if there is no more
active upstream?
I think you have misunderstood the intended meaning of my mail.
I am trying to not underestimate the work required to maintain GTK2,
both in and outside of Debian (and still likely I am). I definitely
agree with smcv up-thread that maintaining it in an upstream would be
the only viable approach, and I'm especially interested to explore
Ardour's fork and what their position is and expectations are.
What I was replying to was some proposed rules to be imposed upon anyone
picking up GTK2 maintenance. My point was that the rules were both
ambiguous, and (subject to a particular interpretation) more onerous
than any rules currently applied to any existing package or team.
--
👱🏻 Jonathan Dowland
✎ [email protected]
🔗 https://jmtd.net
