Quoting Nilesh Patra (2020-07-08 17:13:49)
> On Wed, 8 Jul 2020, 20:38 Jonas Smedegaard, <jo...@jones.dk> wrote:
> > If we expect this package to evolve badly, then we should *not* keep
> > an embedded copy of libsass, but instead remove this package and all
> > its reverse dependencies, because libsass has been proven insecure
> > if left unmaintained,
> >
> It has a few reverse dependencies - I mainly packaged this for getting
> node-mermaid to Debian which is still in NEW, and hopefully will be
> accepted. I am interested in maintaining mermaid and hence do not want
> to remove node-node-sass.

I don't want packages removed either - and for this one specifically, I very much look forward to having mermaid in Debian - cool stuff!

My point was that it is not a viable path forward to expect upstream code to evolve badly: Either there is some expectancy of healthy maintenance upstream, or it is unsuitable for inclusion in Debian - there is no third option of (...or we stuff the package with dead code to keep it limping).

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private