While looking at the sphinx package I noticed it was heavily
undermaintained, which is when we noticed nand0p has been inactive for
roughly 18 months. It is therefore prudent to assume they will not be
maintaining their packages, modules and tests.
- Their last contribution to nixpkgs was in 2019/12
- On 2021/05/08 I wrote them an email to the address listed in the
maintainer-list, which they didn't reply to.
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted. (See #67234, for
example.) Fix this throughout the tree.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Semi-automatic update. These checks were performed:
- built on NixOS
- found 1.8.4 with grep in /nix/store/y4i1yg5dyczsifajqcmws9hv5aqy502k-jsoncpp-1.8.4
- found 1.8.4 in filename of file in /nix/store/y4i1yg5dyczsifajqcmws9hv5aqy502k-jsoncpp-1.8.4
cc "@ttuegel @cpages"
Since the last version update only the static lib was built, and even that was
removed in the last commit. Fix shared ones, which is what we want. Also, add
myself to maintainers.
