Bug#856652: RFS: xpdf/3.0.4.real-4
On Sun, 2017-03-05 at 17:36 -0700, Sean Whitton wrote:
> control: noowner -1
>
> Dear Svante,
>
> On Sun, Mar 05, 2017 at 01:56:59AM +0100, Svante Signell wrote:
> > On Sat, 2017-03-04 at 17:39 -0700, Sean Whitton wrote:
> > > I'm not referring to currently known security issues. I'm referring
> > > to issues that are yet to be discovered.
> >
> > OK, got it. Are you still interested to sponsor this package, now when
> > you know about status quo? If so, I'll create an account at
> > alioth.debian.org and we'll continue from there.
>
> I was hoping that you could provide a counter-argument to allay my
> concerns about security. Since you don't seem to have a response to the
> issues I've raised, I wouldn't be comfortable uploading xpdf.
What do you expect me to say? Of course I take security seriously. Are there any
known security issues in the upstream xpdf? If so, they should of course be
forwarded to upstream ASAP, and fixed immediately in the Debian version. I would
of course make a new release as soon as any problems have been known, and fixed.
And what is the situation with poppler? Are they, as upstream much stronger in
this respect?
> > Just a sidenote: I've been using xpdf myself for many years, and found
> > it a nice piece of standalone software. I'd really be sad to see it
> > disappear from Debian. My search for good alternatives has not been
> > successful so far. One issue is that I don't need is to edit the
> > pdf. I don't even know if xpdf supports that?
>
> Have you tried okular?
>
> Anyway, thanks again for getting involved with this orphaned package.
Thank you too.
Reply to: