1 |
Sune Kloppenborg Jeppesen wrote: |
2 |
> On Wednesday 12 July 2006 16:43, exg@g.o wrote: |
3 |
> > Guys, |
4 |
> > |
5 |
> > The xpdf version we have currently in the tree is a modified one that |
6 |
> > links to poppler, provided in IRC to genstef by an ubuntu developer (no, |
7 |
> > ubuntu does not use it); now, I can understand that having a single |
8 |
> > point of failure is desiderable, but I completely disagree when doing |
9 |
> > this implies using a thirdy-party version not maintained/hosted anywhere |
10 |
> > (the reasons being obvious, I hope). Besides, it's improbable that |
11 |
> > upstream will add support for poppler in xpdf. |
12 |
> > |
13 |
> > I really would like to see back the upstream version, what do you think? |
14 |
> The reason for this was security I believe. xpdf code is embedded in lots of |
15 |
> other packages (see http://glsa.gentoo.org for some examples). By linking to |
16 |
> poppler this is fixed in one place. |
17 |
|
18 |
That's what I meant with "having a single point of failure". While I |
19 |
understand the goal I do not agree with the solution; since when do we |
20 |
prefer to replace an official maintained version of a software with |
21 |
whatever thirdy-party version when this can ease maintenance wrt |
22 |
security? |
23 |
|
24 |
-- |
25 |
Emanuele |
26 |
-- |
27 |
gentoo-dev@g.o mailing list |