Comment 8 for bug 1636666

Mathieu Trudel-Lapierre (cyphermox) wrote :

To be clear, I share doko's feeling against having two versions of the library in main if it can be avoided -- this is certainly not a permanent situation, but most things don't appear to have switched to pcre2 just yet (and I would expect they would in the near-ish term). In that sense, I'd be more in favor of not upgrading vte/gnome-terminal for the time being.

To make it simpler: how do we value the benefits of a new pcre2 in main (meaning possibly some new features of gnome-terminal and vte) against the (probably small, but still) maintenance burden of having two PCRE libraries in main or the need to hold gnome-terminal and vte back for this cycle?

To me, wearing the MIR team hat, the benefits don't outweigh the increased maintenance work (i.e. you can do nothing to vte and gnome-terminal, and we're good), especially when you consider that pcre is the kind of thing that does tend to have CVEs every once in a while[1].

On the other hand, new features are shiny, but they look to me like they might be cherry-pickable. I'm open to being convinced, and the security team probably should have a say in it too (hence my suggestion of bringing it up on the mailing list).

[1] http://www.cvedetails.com/product/5715/Pcre-Pcre.html?vendor_id=3265