From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: Re: [v2 0/1] Jasper security fixes Date: Thu, 4 Feb 2016 11:45:38 +0100 Message-ID: <20160204104538.GA23977@debian.eduroam.u-bordeaux.fr> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36279) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aRHQ6-0000iB-7I for guix-devel@gnu.org; Thu, 04 Feb 2016 05:45:51 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aRHQ1-0003WW-59 for guix-devel@gnu.org; Thu, 04 Feb 2016 05:45:50 -0500 Received: from mailrelay2.public.one.com ([91.198.169.125]:11170) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aRHQ0-0003WQ-Oi for guix-devel@gnu.org; Thu, 04 Feb 2016 05:45:45 -0500 Content-Disposition: inline In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Leo Famulari Cc: guix-devel@gnu.org It is a bit frightening that such a package with lots of CVE fixes apparently is dead upstream (since the patches from 2008 have not been incorporated into a new release). On the other hand, someone must have written the patches; is there no new upstream who has taken over? If not, is the software still useful and unique enough to keep it around? Apart from these more fundamental questions, it looks good to push. Andreas