Sune Kloppenborg Jeppesen wrote: > On Wednesday 12 July 2006 16:43, [EMAIL PROTECTED] wrote: > > Guys, > > > > The xpdf version we have currently in the tree is a modified one that > > links to poppler, provided in IRC to genstef by an ubuntu developer (no, > > ubuntu does not use it); now, I can understand that having a single > > point of failure is desiderable, but I completely disagree when doing > > this implies using a thirdy-party version not maintained/hosted anywhere > > (the reasons being obvious, I hope). Besides, it's improbable that > > upstream will add support for poppler in xpdf. > > > > I really would like to see back the upstream version, what do you think? > The reason for this was security I believe. xpdf code is embedded in lots of > other packages (see http://glsa.gentoo.org for some examples). By linking to > poppler this is fixed in one place.
That's what I meant with "having a single point of failure". While I understand the goal I do not agree with the solution; since when do we prefer to replace an official maintained version of a software with whatever thirdy-party version when this can ease maintenance wrt security? -- Emanuele -- gentoo-dev@gentoo.org mailing list
