Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 644344 - net-analyzer/scli and net-libs/gsnmp removal request
Summary: net-analyzer/scli and net-libs/gsnmp removal request
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Netmon Herd
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 672172 672174 672176
  Show dependency tree
 
Reported: 2018-01-12 16:46 UTC by Pacho Ramos
Modified: 2019-06-04 07:53 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pacho Ramos gentoo-dev 2018-01-12 16:46:10 UTC
I got into this when looking for old packages requiring the dead gnet lib. Then I saw that also Debian killed it because of this bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745737
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572830

Maybe we could also treeclean it :/ I have also failed to reach upstream homepage
Comment 1 Pacho Ramos gentoo-dev 2018-01-12 16:47:00 UTC
this is also the only consumer of net-libs/gsnmp
Comment 2 Jeroen Roovers gentoo-dev 2018-01-12 16:50:14 UTC
What is actually wrong with net-libs/gnet?
Comment 3 Pacho Ramos gentoo-dev 2018-01-13 12:41:30 UTC
It is a bit explained by upstream at:
https://wiki.gnome.org/Projects/GNetLibrary
Comment 4 Jeroen Roovers gentoo-dev 2018-01-14 13:20:11 UTC
(In reply to Pacho Ramos from comment #3)
> It is a bit explained by upstream at:
> https://wiki.gnome.org/Projects/GNetLibrary

That's a couple of pages of text none of which seems to relate to the question I asked: What is actually wrong with the library?

Does gnome@ intend to remove net-libs/gnet? Are other packages affected besides the ones you mention here? Is there any urgency in removing net-libs/gnet, like security issues?
Comment 5 Mart Raudsepp gentoo-dev 2018-01-14 17:00:24 UTC
There is no known urgency to me, but gnet development stopped at 2008 and no-one does any kind of security audits or whatever on it. Sooner or later it is prudent to remove stuff not maintained upstream for 10 years. Rather sooner than later. Additionally if things still rely on that, instead of much better glib GIO networking layer (available for half a decade or more), then that points to unmaintained upstream of these consumers as well.
Comment 6 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-11-28 14:59:51 UTC
So to summarize:

gsnmp: last ebuild update Nov 2014 (adding local patches), last (and only) version added in Jun 2011

scli: last ebuild update Nov 2014 (adding local patches), last bump in Sep 2012

Both packages are ancient, have no upstream and (given no bug reports in Gentoo) likely aren't used by anyone.  With no homepage and being removed from most of the other distributions, it's quite likely that they have no more than a few users.  In the end, we can quite positively assume they may have security bugs nobody noticed.

So, do you have any actual argument for keeping those packages?