On Wednesday 12 July 2006 16:43, [EMAIL PROTECTED] wrote: > Guys, > > The xpdf version we have currently in the tree is a modified one that > links to poppler, provided in IRC to genstef by an ubuntu developer (no, > ubuntu does not use it); now, I can understand that having a single > point of failure is desiderable, but I completely disagree when doing > this implies using a thirdy-party version not maintained/hosted anywhere > (the reasons being obvious, I hope). Besides, it's improbable that > upstream will add support for poppler in xpdf. > > I really would like to see back the upstream version, what do you think? The reason for this was security I believe. xpdf code is embedded in lots of other packages (see http://glsa.gentoo.org for some examples). By linking to poppler this is fixed in one place.
Though if someone is willing to maintain a vanilla xpdf ebuild I'd have no complaints. Genstef? -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
pgpWmc3mu6JfD.pgp
Description: PGP signature