[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: gallery2 outstanding security bugs -- Abondoned by Berninger?

> "Jon Ciesla" <limb jcomserv net> writes:
>> Re jpegtran, there is a bug, against RHEL5:
>> https://bugzilla.redhat.com/show_bug.cgi?id=475679
>> CCing Tom.  Tom, would you like me to work on adding this patch into
>> Fedora's libjpeg?
> Actually, I had every intention of rejecting that bug WONTFIX.
> I don't think it's a good idea to get into the business of carrying
> nontrivial feature patches that aren't upstream.
> (Yes, I know libjpeg upstream is kinda moribund, but if you want new
> features in it you should be trying to revive upstream development,
> not strongarm the Fedora package maintainer to take over development.)

I agree strongly with that principle.  Two questions:

A. What has been done thusfar WTR reviving upstream development?

B. In the meantime, how should I support jpegtran?  Bundle a custom binary
in the subpackage and patch the module, or let it sit with known partial

On a tangential note IIRC this patch is in Debian's libjpeg, not that that
should be any sort of guideline for us, I'm just putting it out there.

> 			regards, tom lane

in your fear, speak only peace
in your fear, seek only love

-d. bowie

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]