On Tue, Nov 05, 2019 at 10:56:49PM +0100, Matthew Brincke wrote:
> I don't think a new release should contain any known security issues,
> and if I recall correctly this was already deprioritised in 0.9.6, it'd
> disappoint me if this happened again.
Well, IMHO it's not something to be ashamed of :)
Bugs happen all the time to all kinds of projects, security issues are
just one kind of them. Considering the flow and the rate at which they
are being fixed, it just feels to me that some are going to take quite a
while more to see a fix.
> Is it still called "cherry-picking"
> when all the patches are taken into the packaging, or is there something
> to exclude from the Debian package (if I'm informed right, 0.9.7 is to be
> a bugfix-only release)?
I'm not sure what you mean here. Clearly, every time I take a single
commit into the packaging that is not part of the base release, that's
called "cherry-picking", isn't it?
I'm not particularly bothered by the cherry-picking per se, just that at
one point it can get tricky to apply patches that are conflicting with
each other, plus due to the nature of this project that doesn't consider
ABI stability yet we also have to double check that the ABI isn't broken
(like it happened a couple of years ago), so it's just somewhat annoying
at times.
> > Are there any particular blockers for 0.9.7 at this time?
>
> I would also like to work on a fix for CVE-2018-8002 if it's understood
> that it would entail a technical limit for nesting as there are limits
> given in an appendix of the PDF spec (free PDF32000_2008.pdf). For me,
> getting acceptance on what should be in the special (documentation)
> revision 2000 (see other ML post, please) would come first.
Yes, I've seen the posts about r2000. I see we are only a commit away
from it ;)
In any case, just take this thread of mine as a kind request for a new
release, nothing more. I have to take on commits for the Debian stable
releases anyway, so I'm going to survive either way! No need to hurry
or anything.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
___
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users