On Tue, 2018-09-11 at 07:40 +0100, John Cupitt via gtk-devel-list
wrote:
> On Tue, 11 Sep 2018 at 03:11, Magnus Bergman
> <magnus.berg...@snisurset.net> wrote:
> > On Tue, 11 Sep 2018 00:07:27 +0200
> > Bastien Nocera <had...@hadess.net> wrote:
> > > No, it really isn't:
> > > 
https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
> > > 
> > > We want to have less CVEs, not more.
> > 
> > I see what you mean. A few of them (although none of the more
> > serious
> > ones) were even related to the GIF loader specifically. But the
> > sheer
> > volume kind of speaks for itself otherwise. :(
> 
> IM joined Google's OSS-Fuzz programme last year:
> 
> https://github.com/google/oss-fuzz
> 
> The huge surge in CVEs was caused by that --- they've been fixing one
> or two a day ever since. Once they are through this very painful
> process, IM ought to be rather safe.
> 
> I do agree though that it's a large and complex thing to use for such
> a (relatively) simple task.

I maintained ImageMagick in RHEL a long time ago, it was already that
way though security issues cropped up a bit less often than every day
(!). I don't see any reason for us to want to us it.

_______________________________________________
gtk-devel-list mailing list
gtk-devel-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gtk-devel-list

Reply via email to