Bug#856652: RFS: xpdf/3.0.4.real-4
On Sun, 2017-03-05 at 17:36 -0700, Sean Whitton wrote:
> control: noowner -1
>
> > OK, got it. Are you still interested to sponsor this package, now when
> > you know about status quo? If so, I'll create an account at
> > alioth.debian.org and we'll continue from there.
>
> I was hoping that you could provide a counter-argument to allay my
> concerns about security. Since you don't seem to have a response to the
> issues I've raised, I wouldn't be comfortable uploading xpdf.
I don't see where your concerns regarding security are, please explain. Reading
more about the bugs in xpdf, the problems are mainly created by the use of
poppler as a backend, not when using the _real_ upstream sources.
So, if I remove the offending hello.pdf from the upstream source, can you (or
somebody else) be the sponsor for this package? Please.
I have also contacted the upstream author about the hello.pdf file as well as
other issues. Hopefully, he will reply with an updated upstream tarball.
Thanks!
Reply to: