CVE-2014-7204: endless loop + disk usage bomb on minified js file #14

Open
@NicoHood

I am quite sure this also applies to this software:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742605
https://git.archlinux.org/svntogit/packages.git/tree/trunk/CVE-2014-7204.patch?h=packages/ctags

Context:
I am trying to package arduino builder independently from arduino. Using pure ctags does not work because the arduino patches are required, and using the new fork #2 was not implemented yet.

The whole dependency hell of arduino gives me a headache. Could you please conform to upstream packages and patch sources upstream instead of creating unique forks? This would give us way better maintenance, less data dedup, upstream bugfixes/features and fewer security issues. This is a real issue and not something low priority to fix some day. You will likely miss issues like the one linked above.

--> One more reason to implement #2. The maintainer was also willing to help.
