[xml/sgml-pkgs] Re: Too many xerces versions in sarge: can we get rid of some?

[Steve Langasek]

--szlDyXxWT551m6yh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Mar 27, 2005 at 12:16:34AM -0800, Steve Langasek wrote:
> We've noticed that there are a number of versions of xerces floating arou=
nd
> in testing right now; given that there's just been a security advisory for
> xerces25, I think we should look at getting some of these removed from
> testing prior to release.  What needs to happen before we can do that,
> besides getting packages recompiled against xerces26?

> The versions in testing that currently have reverse-dependencies are
> xerces21, xerces23, and xerces25; I've pulled xerces24 and xerces26 out
> since they're libraries with no reverse-deps, though of course xerces26 c=
an
> go back in if it's the version we want to use for sarge.

> Removing xerces21 from sarge requires rebuilding or removing gdal and qgi=
s.

> Removing xerces23 requires rebuilding/removing libxml-xerces-perl.

For kicks, I've tried rebuilding gdal, qgis, and libxml-xerces-perl against
xerces26.  gdal and qgis appear to have built fine, with only an edit of
debian/control; libxml-xerces-perl complains that a new version of xerces
requires a new version of XML::Xerces.  I didn't try rebuilding xalan and
anon-proxy.

So, it looks like 23/25 or 23/26 would be the best to ship with sarge,
unless there's some reason why recompiling gdal and qgis isn't enough.

Cheers,
--=20
Steve Langasek
postmodern programmer

--szlDyXxWT551m6yh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCRrEyKN6ufymYLloRAowrAJ0eXUyhnSoMxzfLPubSgFjZBvUpJgCgkr8i
mmEigwEJbkEcIQqJhEhCQDI=
=63IN
-----END PGP SIGNATURE-----

--szlDyXxWT551m6yh--