"Other distros do it" isn't sufficient rationale, by itself, to support putting pcre2 in main. We already ship it, the question is whether it should be in main, meaning whether Canonical will be responsible for support, providing security updates, etc.
To mirror what doko mentioned earlier, what is needed to demote pcre3? Can we start (even a long-running) transition? (So there should be a tracker setup for that). There seems to be new security issues too. I don't have a preference on what version of pcre to use, there should just be a reasonable analysis of how far we are to being able to just one pcre, what the steps needed to get there, possibly bugs open or a transition tracker to follow progress, and whether we can more easily port what seems to require pcre2 now back to pcre3 in order to facilitate maintenance. Should we / can we invest time and effort in porting things from pcre3 to pcre2? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-terminal in Ubuntu. https://bugs.launchpad.net/bugs/1636666 Title: [MIR] pcre2 Status in gnome-terminal package in Ubuntu: Confirmed Status in pcre2 package in Ubuntu: Incomplete Status in vte2.91 package in Ubuntu: Confirmed Bug description: Availability ============ Synced with Debian. Built for all supported architectures. Rationale ========= Required by gnome-terminal 3.22+ and vte2.91 0.46+ Security ======== At least one open security issue, affecting Ubuntu 16.04 LTS https://people.canonical.com/~ubuntu-security/cve/pkg/pcre2.html https://security-tracker.debian.org/tracker/source-package/pcre2 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pcre Quality assurance ================= - Please subscribe Ubuntu Desktop Bugs or Ubuntu Foundation Bugs (like pcre3) to this package. https://bugs.launchpad.net/ubuntu/+source/pcre2 https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=pcre2 Upstream tests are run during the build but there is no autopkgtest Does not have 3.0 (quilt) set Dependencies ============ Only build-dependencies are dpkg and debhelper. No other added dependencies. Standards compliance ==================== 3.9.6 Maintenance =========== - Actively developed upstream http://pcre.org/ Background information ====================== As the package description states, the older version of this library is confusingly named pcre3 in Debian/Ubuntu. pcre3 is already in Ubuntu main. Other Info ========== In the original release of pcre2 in Jan 2015, the author says this is not just a drastic update to the original pcre but a "new project". He felt free to change names and options. https://lists.exim.org/lurker/message/20150105.162835.0666407a.en.html pcre3 has gotten some bugfix releases since then (from 8.36 to 8.40 released Jan 2017) Some discussion of how it's different: http://www.regular-expressions.info/pcre2.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1636666/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
