
Le jeudi 07 janvier 2010, à 13:24 +0100, Ludwig Nussel a écrit :
Vincent Untz wrote:
For a while, I've been wondering why we still have glib 1.x and gtk 1.x (as well as some other part of the GNOME 1.x stack). So today I looked at this closely, and I think we can work towards removing those packages.
We still have even older toolkits like motif and xaw3d. Gtk1 was once very popular, there are probably 3rd party tools out there that use it¹.
For motif: - last release of openmotif: 2.3.2, 15/03/2009 - last release of lesstif: 0.95.2, 27/05/2009 For xaw3d: - last release: 1.5E, 17/04/2003 For GTK+ 1.2: - last release: 1.2.10, 04/01/2002 It looks to me like motif is well maintained anyway, so it's not an issue. Xaw3d is not as well maintained, but at least it had a release after the last GTK+ 1.2 release...
Why should we remove those libraries? Well, they're not maintained upstream, and from a security point of view, this can be quite bad.
Well, what kind of security issues do you expect? Some integer overflows in gdk_pixbuf maybe. Nothing that would be hard nor critical to fix I suppose.
I don't assume anything about potential security issues, except that I doubt anybody from the GNOME team will ever look at them. Keep also in mind that applications (or optional code in applications) using those old libraries are likely to not be maintained by anybody upstream since many years. This means we're supporting stuff with no active upstream, and this is generally a bad idea, imho. Anyway, let's turn the topic another way: the GNOME team will most likely stop supporting glib/gtk 1.x (and other GNOME 1.x stuff) in 11.3. If anybody wants to step up and maintain them, we can make this happen: we will create a devel project in the build service and move everything there. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org