On Fri, Jul 26, 2024 at 03:13:27PM GMT, David Abdurachmanov wrote: > On Tue, Jul 23, 2024 at 5:30 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote: > > > > Dear maintainers. > > > > Based on the current fail to build from source policy, the following packages > > should be retired from Fedora 41 approximately one week before branching. > > Hi Miro, > > I suggest including the following two packages: > - InsightToolkit > - gimp-separate+ > > These packages failed in mass rebuilds (F40 and F41). These continue > to depend on old libtiff (with CVEs). > > Looking at gimp-separate+ the domain in URL: field is no longer valid. > We are using source code from 2010 (final release). There was an > attempt for a minor (patch level) release in 2016. They did some alpha > tarballs, but I don't see any release. It seems to be dead for a > decade or so. > > InsightToolkit seems to fail compiling VTK bits. We could probably > disable the VTK sub-package for now. > > Then finally stop libtiff incl. old libtiff binaries with CVEs. For completeness' sake, this is the bug that has been filed a while ago against libtiff to highlight the problematic situation David is referring to: https://bugzilla.redhat.com/show_bug.cgi?id=2292047 If the packages that still need libtiff.so.5 were to be retired, addressing it would become trivial. -- Andrea Bolognani / Red Hat / Virtualization -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
