Re: [gentoo-dev] Re: xpdf status

[Emanuele Giaquinta]

Stefan Schweizer wrote:
> > Though if someone is willing to maintain a vanilla xpdf ebuild I'd have no
> > complaints. Genstef?
> > 
> I have no complaints either. If there is exg doing the security bumps and
> taking care of the upstream version I am supporting it.

I would have no problem in doing it, but since I am the only one so far
who see an issue in the current situation I don't think it's worth the
effort.

-- 
Emanuele
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] xpdf status

[Emanuele Giaquinta]

Sune Kloppenborg Jeppesen wrote:
> On Wednesday 12 July 2006 16:43, [EMAIL PROTECTED] wrote:
> > Guys,
> >
> > The xpdf version we have currently in the tree is a modified one that
> > links to poppler, provided in IRC to genstef by an ubuntu developer (no,
> > ubuntu does not use it); now, I can understand that having a single
> > point of failure is desiderable, but I completely disagree when doing
> > this implies using a thirdy-party version not maintained/hosted anywhere
> > (the reasons being obvious, I hope). Besides, it's improbable that
> > upstream will add support for poppler in xpdf.
> >
> > I really would like to see back the upstream version, what do you think?
> The reason for this was security I believe. xpdf code is embedded in lots of 
> other packages (see http://glsa.gentoo.org for some examples). By linking to 
> poppler this is fixed in one place. 

That's what I meant with "having a single point of failure". While I
understand the goal I do not agree with the solution; since when do we
prefer to replace an official maintained version of a software with
whatever thirdy-party version when this can ease maintenance wrt
security?

-- 
Emanuele
-- 
gentoo-dev@gentoo.org mailing list