To be clear, I share doko's feeling against having two versions of the library in main if it can be avoided -- this is certainly not a permanent situation, but most things don't appear to have switched to pcre2 just yet (and I would expect they would in the near-ish term). In that sense, I'd be more in favor of not upgrading vte/gnome-terminal for the time being.
To make it simpler: how do we value the benefits of a new pcre2 in main (meaning possibly some new features of gnome-terminal and vte) against the (probably small, but still) maintenance burden of having two PCRE libraries in main or the need to hold gnome-terminal and vte back for this cycle? To me wearing the MIR team hat, the benefits don't outweigh the increased maintenance work (ie. you can do nothing to vte and gnome- terminal, and we're good), especially when you consider that pcre is the kind of thing that does tend to have CVEs every once in a while[1]. On the other hand, new features are shiny, but they look to me like they might be cherry-pickable. I'm open to be convinced, and the security team probably should have a say in it too (hence my suggestion of bringing it up on the mailing list). [1] http://www.cvedetails.com/product/5715/Pcre-Pcre.html?vendor_id=3265 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-terminal in Ubuntu. https://bugs.launchpad.net/bugs/1636666 Title: [MIR] pcre2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1636666/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
