[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New Adobe CMaps license free enough for Debian?


At Sun, 18 Oct 2009 19:13:09 +0200,

> >In addition to Francesco's mail, I'd like to ask why ghostscript is
> >committing the CMap files to their SVN, shouldn't they just depend
> >on them instead of making an embedded data copy?
> We (the Debian ghostscript team) do not include CMap files, upstream
> do.

Yes, and I had been removing them from orig.tar.gz manually whenever
the new upstream release came out...

I don't know why they include CMaps in the upstream tarball.  My guess
is, until very recently, Adobe didn't release CMaps in a coherent way
-- sometimes a part of Acrobat, sometimes a part of something, such as
the example files of Lunde's CJKV book, or mysteriously appear out of
the blue in somewhere at ftp.adobe.com, etc.  And in some cases those
were a little bit different from each other.  I guess that's one of
the reason the upstream decided to include their own copy of CMaps in
GS tarball.

Of course, now the situation has changed, so it's possibly worth
trying to convince the upstream not to include CMaps in the upstream
tarball.  It became a mere redundancy.

Also, I know some Debian packages currently contain or use their own
copy of Cmaps.  For example, poppler uses poppler-data, which contains
Cmaps.  IIRC xpdf-* and dvipdfmx have some Cmaps, too.  I think we
should begin a coordinated effort to identify such packages and try to
convince the upstream or Debian maintainers to use Cmaps in
cmap-adobe-* instead.  Possibly we need some very short Debian Cmap
policy or such, I guess.

> They include several software parts that we then avoid using - more
> so in recent cleanups made by me, and even more (separate packaging
> of jbig2dec) still pending.

That's their tradition -- they want their customers to use the
libraries included in the upstream tarball, so that they can
(hopefully) reproduce any problem their customer has experienced.
From a security perspective, it's a nightmare.

> Masayuki Hatta is probably more knowledgable about CMap files than
> me.  I just didn't hear from him for a long time so did not expect
> him to be active currently.

Still buried under a pile of everyday odd jobs -- sorry but you are
doing fine ;-) Hopefully I'll be back soon.

Best regards,

Masayuki Hatta
Graduate School of Economics, The University of Tokyo
Manufacturing Management Research Center, The University of Tokyo

mhatta@mhatta.org / mhatta@grad.e.u-tokyo.ac.jp
mhatta@gnu.org / mhatta@debian.org / mhatta@opensource.jp

Reply to: