
Re: PNG crush NMU



Kapil Hari Paranjape <kapil@imsc.res.in> writes:

> I've prepared an NMU of pngcrush that applies currently available
> patches and closes the RC bugs on it. The files are under

> 	http://www.imsc.res.in/~kapil/debian/pngcrush/

> Since I am not a DD I request one of the QA team who *are* to please
> sponsor the upload. Before you do however, please note that I have not
> received an OK from the maintainer for the patch applied.

> Specifically, this patched version does not make use of zlib1g and
> libpng as packaged with Debian and uses upstream's versions of these
> libraries statically compiled in. This seems to be the only way
> currently of avoiding the bugs that have crept in which result from an
> incompatibility between upstream's use of the libraries and current
> development of those libraries.

Ugh, that's not a very good solution.  That means that the next time
there's a security hole in zlib or libpng, which hasn't been uncommon, it
may also affect pngcrush and someone has to remember to update it as well.
This makes life much harder for the security team.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
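
The tracking problem described in the reply above can be partly checked mechanically, because zlib and libpng compile a version banner into their object code and that banner survives static linking. The following is an added example, not part of the original message or of any Debian tool; the sample bytes and the "fixed in" thresholds passed to audit() are constructed for illustration.

```python
import re
import sys

# Version banners that zlib and libpng compile into their object code.
# They survive static linking, so they reveal a bundled copy even when
# the binary has no dynamic dependency on the shared library.
SIGNATURES = {
    "zlib": re.compile(
        rb" (?:deflate|inflate) (\d+(?:\.\d+)+[\w.-]*) Copyright 1995-\d{4} "),
    "libpng": re.compile(rb"libpng version (\d+(?:\.\d+)+[\w.-]*) - "),
}

# Constructed sample standing in for a statically linked binary.
SAMPLE = (b"\x7fELF\x00\x00"
          b" deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly \x00"
          b" inflate 1.2.1 Copyright 1995-2003 Mark Adler \x00"
          b"\n libpng version 1.2.5 - October 3, 2002\n\x00")

def embedded_copies(blob):
    """Return {library: sorted list of version strings} found in blob."""
    found = {}
    for lib, pattern in SIGNATURES.items():
        versions = {m.group(1).decode("ascii") for m in pattern.finditer(blob)}
        if versions:
            found[lib] = sorted(versions)
    return found

def audit(blob, fixed_in):
    """Return (library, version) pairs older than the first fixed release.

    fixed_in is supplied by the caller, e.g. {"zlib": (1, 2, 3)}; the values
    would come from the relevant security advisory.
    """
    stale = []
    for lib, versions in embedded_copies(blob).items():
        for version in versions:
            nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
            if lib in fixed_in and nums < fixed_in[lib]:
                stale.append((lib, version))
    return stale

if __name__ == "__main__":
    # Usage: script.py /usr/bin/some-binary ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, embedded_copies(fh.read()))
```

A binary that reports a copy here but shows no zlib or libpng dependency in its package metadata is one that has to be rebuilt by hand when either library gets a security fix.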


