Bug#172890: Intent to remove libxaw6 from Debian [security issues]
Hi, Drew Parsons wrote: This has the potential to impact on any third party packages which use libxaw6. We don't believe this should annul the package's removal however, because a) these packages should be rebuilt against libxaw7 anyway, and The problem with third-party packages is that it's usually impossible to rebuild them (i.e. commercial software), and in the libxaw case, a lot of people use libxaw 6 because the ABI has been stable for a long time (I remember RedHat shipping their own incompatible version of Xaw some time ago). b) libxaw6 can still be taken from etch if really needed. Which would also have the security issue? Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#172890: Intent to remove libxaw6 from Debian [security issues]
Dear Debian Developers, the X Strike Force intends to remove libxaw6 from the archive. The reason is explained in bug #172890. In short, libxaw6 has a security flaw where it displays passwords in plain text. The flaw is fixed in libxaw7. All packages in Debian now use libxaw7 rather than libxaw6. We therefore consider it prudent to remove libxaw6 from the archive to avert any possible future misuses. This has the potential to impact on any third party packages which use libxaw6. We don't believe this should annul the package's removal however, because a) these packages should be rebuilt against libxaw7 anyway, and b) libxaw6 can still be taken from etch if really needed. The LSB does not specify any requirements for libxaw (v7 or otherwise). Please let us know (by replying to bug #172890) if you have any objections or can otherwise present an argument in favour of keeping libxaw6. Otherwise, we will remove it in a week or so. Drew Parsons \hat{XSF} signature.asc Description: This is a digitally signed message part