[xml/sgml-pkgs] Too many xerces versions in sarge: can we get rid of some?

Steve Langasek vorlon@debian.org
Sun, 27 Mar 2005 00:16:34 -0800

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi folks,

We've noticed that there are a number of versions of xerces floating around
in testing right now; given that there's just been a security advisory for
xerces25, I think we should look at getting some of these removed from
testing prior to release.  What needs to happen before we can do that,
besides getting packages recompiled against xerces26?

The versions in testing that currently have reverse-dependencies are
xerces21, xerces23, and xerces25; I've pulled xerces24 and xerces26 out
since they're libraries with no reverse-deps, though of course xerces26 can
go back in if it's the version we want to use for sarge.

Removing xerces21 from sarge requires rebuilding or removing gdal and qgis.

Removing xerces23 requires rebuilding/removing libxml-xerces-perl.

Removing xerces25 requires rebuilding/removing xalan and anon-proxy.

How feasible is it to get these packages rebuilt?  If we can at least get
this down to two versions, that would be a big help; one version would be
ideal.  3 (or 5, as we had earlier) is excessive.

Can I go ahead and ask for xerces24 to be removed from unstable (or, let one
of the maintainers do so)?  If we are to target getting this down to one
version, is xerces26 the one to go for?

Steve Langasek
postmodern programmer

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.2.5 (GNU/Linux)