Hello, while bumping pcre2 I noted that pcre2 has new maintainers: https://build.opensuse.org/request/show/1252897 https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.45 (from 2025-02-25) We had pcre2 in the distribution for 9 years now (by yours truly), intended to replace pcre "soon". https://build.opensuse.org/request/show/312616 The old library was in quasi-maintenance mode at the time already, and is "unmaintained since 2018". The old pcre library should not only be considered deprecated - but dead and insecure now. We should get rid of it - CWE-1104, OWASP Top 10:2021 #6, and all. I zipped through some easy ones... https://build.opensuse.org/request/show/1253625 proftpd https://build.opensuse.org/request/show/1253337 sngrep https://build.opensuse.org/request/show/1253141 zabbix https://build.opensuse.org/request/show/1253581 apache2-mod_auth_openidc Olaf picked up ocaml-pcre2 and started to look at coccinelle - thanks. https://build.opensuse.org/request/show/1253797 ocaml-pcre2 https://build.opensuse.org/request/show/1254244 coccinelle Some need processing please: https://build.opensuse.org/request/show/1253263 apache2-mod_security2 https://build.opensuse.org/request/show/1253341 liblognorm https://build.opensuse.org/request/show/1253347 rasqal For zsh boo#1201811 did not get far the time. I took a stab: https://build.opensuse.org/request/show/1254254 I would like to discuss at which point are we happy to just whack pcre from the distribution for security reasons. Only 37 binary packages depend on the lib, probably less than 30 once the above is through and some available patches are added. Should we just kill it now and get it over with? Some previous work including patches: https://archlinux.org/todo/move-to-pcre2/ https://md.archlinux.org/p/LPxw6tavl#/ Good night, Andreas