Dear Svante, On Sat, Mar 04, 2017 at 08:19:43PM +0100, Svante Signell wrote: > Maybe I don't understand. The version of xpdf I'm proposing is no > longer dependent on poppler. So why are you talking about poppler? > Which are the security issues of upstream xpdf? I'd really like to > know, and if possible forward these problems to upstream:Glyph & Cog, > LLC. Additionally, which are the poppler-based security issues? I'm not referring to currently known security issues. I'm referring to issues that are yet to be discovered. > See above. Which version of xpdf are you referring to, the poppler- > based one, or the upstream one? > > And BTW: poppler upstream seems to be freedesktop.org, i.e. gnome. Who > can trust gnome nowadays, especially people preferring systemd-free > software? I trust GNOME to quickly find and repair security issues in libpoppler. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature