Bug#637040: RM: t1lib/5.1.2-3
tag 637040 moreinfo
kthxbye
On Sun, Aug 7, 2011 at 20:36:04 -0400, Michael Gilbert wrote:
> t1lib has a significant set of security vulnerablities [0] and there
> is no sign of them ever getting fixed with upstream missing in action
> for over three years now. Because of these issues, xpdf for example
> has dropped support for it in favor of freetype2 [1]. poppler did
> this a long time ago as well.
>
> There are a few reverse dependencies, which could also be updated to
> use freetype instead. These include:
>
> php5 (php5-gd binary package)
> xdvik-ja
> vflib3
> matita
> libimager-perl
> lablgtkmathview
> grace
> evince (libevince3 binary package)
> dvipng
>
> I would recommend removing t1lib from the archive. If the release
> team concurs with this, I will file serious bugs against the
> reverse dependencies.
>
> Once that's done and everyone is in concurrance, I'll send a
> message to the ftp masters for removal.
>
As said on irc, filing (non-RC for now) bugs against the reverse
dependencies and providing patches as much as possible should happen
prior to any removal. Tagging moreinfo for now.
Cheers,
Julien
Reply to: