Dave Sizer <[email protected]> writes:

> Thanks for writing this up and bringing attention to it, I agree it is a big
> problem.
>
> Thinking about it though - if we can't afford to keep packages on older
> versions, and we also can't afford to spend the effort to police upstreams,
> then what options does that really leave?
>

HarfBuzz is an interesting case here, I think. >=13 [0] (and actually >12.3.2 [1]) are tainted, but the maintainer has said that it's feasible to stick with 12.3.2 [1][2] as a fork in distros because applications rely on an API that is stable. I consider this to be a case we can work with and for chardet to be something we can treat similarly, by lobbying upstreams to not depend on >=7 (any new APIs introduced in such a version or beyond) or port to charset_normalizer instead.

> Do you have any proposals you are thinking about?

I've outlined proposals for these cases where we can do something in another email.

[0] https://typo.social/@behdad/116172838540880597
[1] https://typo.social/@behdad/116177695634741829
[2] https://typo.social/@behdad/116177885160175493

>
> - Dave
> [...]

sam
