What to do about Xalan?
Ferenc Wágner
wferi at niif.hu
Mon Jan 9 09:55:45 GMT 2023
Russ Allbery <rra at debian.org> writes:
> I suspect this was my fault back in the day and I added support just
> because there was a configure probe for it and Xalan was available. I
> don't remember for certain, but that sounds like something I would have
> done.
Turns out it was my doing, but I feel considerably less bad about it
after reading the above. :)
Sam Hartman <hartmans at debian.org> writes:
> I'd file a transition bug and ask the RT what they think about it.
> Making a change to reduce an attack surface might be something where you
> could even get security team support behind it.
>
> Let me know if you need help with release team paperwork to ask the
> question.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028286. In the
end I skipped the question about best handling this in bullseye for
better focus. Please don't hold back on improvements!
--
Thanks,
Feri.
More information about the Pkg-shibboleth-devel
mailing list