>>>>> Steve Kargl writes:
Steve> Should we consider removing zlib and intl? In particular, zlib 1.2.3
Steve> was released on 19 Jul 05 and included 2 fixes for security issues.
Steve> GCC did not update zlib until 12 Sep 05. Whether the security issues
Steve> in GCC's version of zlib could be exploited, I do not know. I do know
Steve> a 2 month lag time seems inappropriate.
Inappropriate? I don't know. Obviously updating it sooner would
be better. If you are volunteering to perform the merge work, great.
Steve> I support this position. Unfortunately, the first patch I
Steve> submitted (several months ago) that upped the requirement to
Steve> mpfr 2.2.0 for gfortran resulted in several people expressing
Steve> objections about requiring a newer version of mpfr. In fact,
Steve> I suspect the only reason that my recent changes to toplevel
Steve> configure to require 2.2.0 were accepted is because I had 2
Steve> gfortran bug fixes that required that version.
Yes. So?
I agree with Mark that GCC should avoid distributing GMP and MPFR.
Pointing people to a known good version is preferred.
David
