Bug#856652: RFS: xpdf/3.0.4.real-4

To: Sean Whitton <spwhitton@spwhitton.name>, 856652@bugs.debian.org
Subject: Bug#856652: RFS: xpdf/3.0.4.real-4
From: Svante Signell <svante.signell@gmail.com>
Date: Tue, 07 Mar 2017 08:17:08 +0100
Message-id: <[🔎] 1488871028.15949.1.camel@gmail.com>
Reply-to: svante.signell@gmail.com, 856652@bugs.debian.org
In-reply-to: <[🔎] 20170306003650.log3z2hhlymb25vu@iris.silentflame.com>
References: <[🔎] 20170304150229.r3gawossdjutvfe2@iris.silentflame.com> <[🔎] 20170304154628.lcljawpucrunkmd5@aquaticape.us> <[🔎] 1488652117.7794.18.camel@gmail.com> <[🔎] 20170304195626.ztgyxkjssbrbddrd@aquaticape.us> <[🔎] 20170304215030.sw6ksylzd36zz2zn@belkar.wrar.name> <[🔎] 1488665633.7794.24.camel@gmail.com> <[🔎] 20170304235020.maiy4ghpmphyc5bh@iris.silentflame.com> <[🔎] 1488671974.7794.32.camel@gmail.com> <[🔎] 20170305003956.c7f7ampyqnwrhk5g@iris.silentflame.com> <[🔎] 1488675419.7794.36.camel@gmail.com> <[🔎] 20170306003650.log3z2hhlymb25vu@iris.silentflame.com>

On Sun, 2017-03-05 at 17:36 -0700, Sean Whitton wrote:
> control: noowner -1
> 

> > OK, got it. Are you still interested to sponsor this package, now when
> > you know about status quo? If so, I'll create an account at
> > alioth.debian.org and we'll continue from there.
> 
> I was hoping that you could provide a counter-argument to allay my
> concerns about security.  Since you don't seem to have a response to the
> issues I've raised, I wouldn't be comfortable uploading xpdf.

I don't see where your concerns regarding security are, please explain. Reading
more about the bugs in xpdf, the problems are mainly created by the use of
poppler as a backend, not when using the _real_ upstream sources.

So, if I remove the offending hello.pdf from the upstream source, can you (or
somebody else) be the sponsor for this package? Please.

I have also contacted the upstream author about the hello.pdf file as well as
other issues. Hopefully, he will reply with an updated upstream tarball.

Thanks!

Reply to:

Follow-Ups:
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Moritz Muehlenhoff <jmm@debian.org>

References:
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Jason Crain <jason@inspiresomeone.us>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Svante Signell <svante.signell@gmail.com>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Jason Crain <jason@inspiresomeone.us>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Andrey Rahmatullin <wrar@debian.org>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Svante Signell <svante.signell@gmail.com>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Svante Signell <svante.signell@gmail.com>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Svante Signell <svante.signell@gmail.com>
- Bug#856652: RFS: xpdf/3.0.4.real-4
  - From: Sean Whitton <spwhitton@spwhitton.name>

Prev by Date: Bug#856910: RFS: inotify-tools/3.14-3
Next by Date: Bug#857033: RFS: golang-github-xtaci-smux/1.0.4+git20170307+ds-1~exp1 [ITP] -- Simple Multiplexing for golang
Previous by thread: Bug#856652: RFS: xpdf/3.0.4.real-4
Next by thread: Bug#856652: RFS: xpdf/3.0.4.real-4
Index(es):
- Date
- Thread