Dixi quod… >Huh. MuseScore (Studio) is a desktop application.
I’ll add a README.Debian note about that fact and that upstream has never considered crashes on invalid input a bug and that it hasn’t been designed as a remotely accessible service, but as a desktop application, and that users should confine suitably. The Capella import is a vast minority feature and incomplete anyway, so I douby many users use it directly. It’ll also document that these versions receive no support (security or otherwise) from upstream any more (they’ve gone open-core, proprietary-extension, version 4, which I don’t intend to package), though there’s a 3.x community effort whose initiator I know, which I’ve been intending to package as musescore-snapshot (it’s “tip of the git branch” without releases to avoid looking official due to the use of the well-known name) and with whom I’ll cooperate. This is a bit like the limited security support for binutils, I suppose. Could/should we document that in the same places? >I will have to investigate whether they mean indeed this >or the musescore.com site or mobile äpps or something. Given the lack of further information, I’ve contacted the ZDI to get some; otherwise I can run it with valgrind a bit, but without a reproducer testcase it’s not very likely to find it. I’ll keep the bugreport informed. bye, //mirabilos -- Solange man keine schmutzigen Tricks macht, und ich meine *wirklich* schmutzige Tricks, wie bei einer doppelt verketteten Liste beide Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz hervorragend. -- Andreas Bogk über boehm-gc in d.a.s.r