On 2017-03-04 at 14:19, Svante Signell wrote: > On Sat, 2017-03-04 at 11:49 -0700, Sean Whitton wrote: > >> Dear Svante, >> >> I agree with you that a poppler-based xpdf is not maintainable >> until and unless xpdf upstream switches to poppler. However, it is >> not clear to me why we shouldn't just remove xpdf from Debian. The >> main reason that Debian insists on using shared libraries instead >> of bundled copies of code is because it permits faster responses >> to security problems uncovered in those shared libraries. A >> security bug in poppler would now need to be fixed in xpdf's copy >> and in the main library. > > Maybe I don't understand. The version of xpdf I'm proposing is no > longer dependent on poppler. So why are you talking about poppler? Because other packages do still depend on poppler, so we can't drop poppler from the repositories, which means that introducing the code back into the xpdf package itself will mean we have two (divergent) copies of that code - with all the problems that implies. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature