What to do about Xalan?
Sam Hartman
hartmans at debian.org
Sat Jan 7 01:02:36 GMT 2023
>>>>> "Ferenc" == Ferenc Wágner <wferi at niif.hu> writes:
Ferenc> found no report requesting it. Moreover, the only reverse
Ferenc> dependency of libxml-security-c within Debian is Shibboleth,
Ferenc> so we could risk pulling support... If only the freeze
Ferenc> wasn't so damn close. Does this break ABI for consumers not
Ferenc> using XPath/XSLT support (like Shibboleth)?
I'd file a transition bug and ask the RT what they think about it.
Making a change to reduce an attack surface might be something where you
could even get security team support behind it.
Let me know if you need help with release team paperwork to ask the
question.
--Sam
More information about the Pkg-shibboleth-devel
mailing list