It has been a while since the last stamped release on sourceforge. Is it time to stamp a new one? It would make life easier for maintainers of the package in Linux distributions like Debian.
A year+ later and Gentoo (and likely nonzero rolling distros) are shipping under-maintained, CVE-vulnerable .jar redistributable libraries like xalan.jar 2.7.2 HIGH CVE-2022-34169 in app-text/docbook-xsl-ns-stylesheets-1.79.1 (outdated sf copy from 2015) in the stage3 base system. It's not like it's an RCE web service attack surface, but it's a symptom of knock-on effects of insufficiently-rigorous and regular cadence release engineering combined with under-maintaining vendored dependencies, under-maintained downstream packaging, and the risks inherent to dependencies. Lots of Swiss cheese slices need to line up for this to be bad, it just doesn't look good at first glance. Conventional semver releases would be awesome. I'll have to search the interwebs if there's a more current ebuild in another repo for this and docbook parent deps because it's currently in "needs a new maintainer" state in the official Gentoo portage repo. Thanks to all who attempt to fix legacy codebases without throwing away compatibility of important little pieces that hold up the entire internet.
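The comment above describes the practical problem for a distribution or system maintainer: a vendored jar sitting in a base install with a version that is in a published advisory's affected range. The script below is an added example, not code from the DocBook XSL project or from any Gentoo tooling. It walks a directory tree, reads `Implementation-Version` (or `Bundle-Version`) from each jar's `META-INF/MANIFEST.MF`, and flags jars whose artifact name and version match an advisory table. The only table entry is the one this thread names (xalan.jar 2.7.2, CVE-2022-34169); the page does not say which version fixes it, so the rule is written as "affected through 2.7.2" and deliberately says nothing about later versions. The sample jars it builds are constructed here for demonstration.

```python
"""Scan a directory tree for vendored .jar files whose manifest version falls
in a known-affected range.

Added example for this issue thread; not part of the DocBook XSL project or of
Gentoo's packaging tools. The advisory table holds only the entry the thread
names. The fixed Xalan version is not stated on the page, so the rule flags
versions up to and including 2.7.2 and makes no claim about newer ones.
"""
import os
import re
import tempfile
import zipfile
from typing import Dict, List, Optional, Tuple

# artifact name -> (highest version known affected, advisory id)
# Entry taken from the comment above; extend as advisories are confirmed.
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "xalan": ("2.7.2", "CVE-2022-34169"),
}

# 'xalan.jar' and 'xalan-2.7.2.jar' both map to artifact 'xalan'
_JAR_NAME = re.compile(r"^(.*?)(?:-\d[^/]*)?\.jar$", re.IGNORECASE)


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '2.7.2' (or a distro-style '2.7.2-r1') into a comparable int tuple."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def artifact_name(jar_filename: str) -> str:
    """Strip directory and version suffix: '/x/xalan-2.7.2.jar' -> 'xalan'."""
    m = _JAR_NAME.match(os.path.basename(jar_filename))
    return (m.group(1) if m else jar_filename).lower()


def manifest_version(jar_path: str) -> Optional[str]:
    """Read Implementation-Version (or Bundle-Version) from the jar manifest."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None
    # Manifest continuation lines start with one space; join them before parsing.
    text = raw.replace("\r\n", "\n").replace("\n ", "")
    for key in ("Implementation-Version", "Bundle-Version"):
        m = re.search(rf"^{key}:\s*(\S+)", text, re.MULTILINE)
        if m:
            return m.group(1)
    return None


def scan_jars(root: str) -> List[Tuple[str, str, str]]:
    """Return (path, version, advisory) for every jar inside an affected range."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            rule = ADVISORIES.get(artifact_name(name))
            if rule is None:
                continue
            path = os.path.join(dirpath, name)
            version = manifest_version(path)
            if version is None:
                continue  # no manifest version: undecidable, not a finding
            affected_through, advisory = rule
            if version_key(version) <= version_key(affected_through):
                findings.append((path, version, advisory))
    return findings


def make_sample_root() -> str:
    """Constructed sample tree: one jar in the affected range, one that is not."""
    root = tempfile.mkdtemp()
    lib = os.path.join(root, "lib")
    os.makedirs(lib)

    def write_jar(path: str, title: str, version: str) -> None:
        manifest = (f"Manifest-Version: 1.0\nImplementation-Title: {title}\n"
                    f"Implementation-Version: {version}\n")
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", manifest)

    write_jar(os.path.join(lib, "xalan.jar"), "Xalan", "2.7.2")
    write_jar(os.path.join(lib, "serializer-9.9.9.jar"), "Serializer", "9.9.9")
    return root


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_root()
    for path, version, advisory in scan_jars(root):
        print(f"{path}: version {version} is in the range affected by {advisory}")
```

Run it with a real prefix (for example the directory the stylesheet package installs into) to list matches; with no argument it scans the constructed sample tree. Matching on the manifest rather than on the filename alone matters because distributions often ship jars as `name.jar` with no version in the name, which is exactly the case in the thread.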