Hi,

At Sun, 18 Oct 2009 19:13:09 +0200,
> >In addition to Francesco's mail, I'd like to ask why ghostscript is
> >committing the CMap files to their SVN, shouldn't they just depend
> >on them instead of making an embedded data copy?
>
> We (the Debian ghostscript team) do not include CMap files, upstream
> do.

Yes, and I had been removing them from orig.tar.gz manually whenever the new upstream release came out...

I don't know why they include CMaps in the upstream tarball. My guess is, until very recently, Adobe didn't release CMaps in a coherent way -- sometimes a part of Acrobat, sometimes a part of something, such as the example files of Lunde's CJKV book, or mysteriously appearing out of the blue somewhere at ftp.adobe.com, etc. And in some cases those were a little bit different from each other. I guess that's one of the reasons the upstream decided to include their own copy of CMaps in GS tarball.

Of course, now the situation has changed, so it's possibly worth trying to convince the upstream not to include CMaps in the upstream tarball. It became a mere redundancy.

Also, I know some Debian packages currently contain or use their own copy of Cmaps. For example, poppler uses poppler-data, which contains Cmaps. IIRC xpdf-* and dvipdfmx have some Cmaps, too. I think we should begin a coordinated effort to identify such packages and try to convince the upstream or Debian maintainers to use Cmaps in cmap-adobe-* instead. Possibly we need some very short Debian Cmap policy or such, I guess.

> They include several software parts that we then avoid using - more
> so in recent cleanups made by me, and even more (separate packaging
> of jbig2dec) still pending.

That's their tradition -- they want their customers to use the libraries included in the upstream tarball, so that they can (hopefully) reproduce any problem their customer has experienced. From a security perspective, it's a nightmare.

> Masayuki Hatta is probably more knowledgeable about CMap files than
> me. I just didn't hear from him for a long time so did not expect
> him to be active currently.

Still buried under a pile of everyday odd jobs -- sorry but you are doing fine ;-) Hopefully I'll be back soon.

Best regards,
MH

--
Masayuki Hatta
Graduate School of Economics, The University of Tokyo
Manufacturing Management Research Center, The University of Tokyo

[email protected] / [email protected]
[email protected] / [email protected] / [email protected]

