Subject: Removing teTeX2 packages (was: Re: Removing teTeX1 package (and dependencies))
To: None <pkgsrc-users@NetBSD.org>
From: Thomas Klausner <wiz@NetBSD.org>
List: pkgsrc-users
Date: 04/17/2006 23:25:06
On Sat, Jan 28, 2006 at 02:52:26PM +0100, Thomas Klausner wrote on tech-pkg:
> Currently, only the teTeX3 packages are patched for the latest
> vulnerabilities. For the 1 and 2 versions, the following
> vulnerabilities are not fixed:
> teTeX-bin-1.[0-9]*      1731,denial-of-service  http://secunia.com/advisories/17916/
> teTeX-bin-2.[0-9]*      1732,denial-of-service  http://secunia.com/advisories/17916/
> teTeX-bin-1.[0-9]*      1734,arbitrary-code-execution   http://secunia.com/advisories/17916/
> teTeX-bin-2.[0-9]*      1735,arbitrary-code-execution   http://secunia.com/advisories/17916/
> teTeX-bin-1.[0-9]*      1737,denial-of-service  http://secunia.com/advisories/18329/
> teTeX-bin-2.[0-9]*      1738,denial-of-service  http://secunia.com/advisories/18329/
> teTeX-bin-1.[0-9]*      1740,arbitrary-code-execution   http://secunia.com/advisories/18329/
> teTeX-bin-2.[0-9]*      1741,arbitrary-code-execution   http://secunia.com/advisories/18329/
> 
> Is there a point in keeping the old teTeX versions?
> 
> Is someone interested in maintaining them actively?
...
> I'm not yet sure what to do about the teTeX2 packages.
> teTeX2 dependencies are:
> print/ja-jsclasses
> print/ja-ptex
> print/ja-ptex-bin
> print/ja-ptex-share
> print/ja-vfxdvik
> print/tex-textpos

I just removed the teTeX1 packages.
The problems in teTeX2 haven't been fixed in the last three months, it
seems noone really wants to maintain them either. Any opposition to
removing them too?
 Thomas