| 1 |
Sune Kloppenborg Jeppesen wrote: |
| 2 |
> On Wednesday 12 July 2006 16:43, exg@g.o wrote: |
| 3 |
> > Guys, |
| 4 |
> > |
| 5 |
> > The xpdf version we have currently in the tree is a modified one that |
| 6 |
> > links to poppler, provided in IRC to genstef by an ubuntu developer (no, |
| 7 |
> > ubuntu does not use it); now, I can understand that having a single |
| 8 |
> > point of failure is desiderable, but I completely disagree when doing |
| 9 |
> > this implies using a thirdy-party version not maintained/hosted anywhere |
| 10 |
> > (the reasons being obvious, I hope). Besides, it's improbable that |
| 11 |
> > upstream will add support for poppler in xpdf. |
| 12 |
> > |
| 13 |
> > I really would like to see back the upstream version, what do you think? |
| 14 |
> The reason for this was security I believe. xpdf code is embedded in lots of |
| 15 |
> other packages (see http://glsa.gentoo.org for some examples). By linking to |
| 16 |
> poppler this is fixed in one place. |
| 17 |
|
| 18 |
That's what I meant with "having a single point of failure". While I |
| 19 |
understand the goal I do not agree with the solution; since when do we |
| 20 |
prefer to replace an official maintained version of a software with |
| 21 |
whatever thirdy-party version when this can ease maintenance wrt |
| 22 |
security? |
| 23 |
|
| 24 |
-- |
| 25 |
Emanuele |
| 26 |
-- |
| 27 |
gentoo-dev@g.o mailing list |
Archives