gallery2 outstanding security bugs -- Abandoned by Berninger?
Jon Ciesla
limb at jcomserv.net
Thu Dec 11 13:45:29 UTC 2008
> "Jon Ciesla" <limb at jcomserv.net> writes:
>> Re jpegtran, there is a bug, against RHEL5:
>> https://bugzilla.redhat.com/show_bug.cgi?id=475679
>> CCing Tom. Tom, would you like me to work on adding this patch into
>> Fedora's libjpeg?
>
> Actually, I had every intention of rejecting that bug WONTFIX.
> I don't think it's a good idea to get into the business of carrying
> nontrivial feature patches that aren't upstream.
>
> (Yes, I know libjpeg upstream is kinda moribund, but if you want new
> features in it you should be trying to revive upstream development,
> not strongarm the Fedora package maintainer to take over development.)

I agree strongly with that principle. Two questions:

A. What has been done thus far WRT reviving upstream development?

B. In the meantime, how should I support jpegtran? Bundle a custom binary
in the subpackage and patch the module, or let it sit with known partial
functionality?

On a tangential note, IIRC this patch is in Debian's libjpeg, not that that
should be any sort of guideline for us, I'm just putting it out there.

> regards, tom lane
>
--
in your fear, speak only peace
in your fear, seek only love
-d. bowie