gallery2 outstanding security bugs -- Abandoned by Berninger?

Jon Ciesla limb at jcomserv.net
Thu Dec 11 13:45:29 UTC 2008


> "Jon Ciesla" <limb at jcomserv.net> writes:
>> Re jpegtran, there is a bug, against RHEL5:
>> https://bugzilla.redhat.com/show_bug.cgi?id=475679
>> CCing Tom.  Tom, would you like me to work on adding this patch into
>> Fedora's libjpeg?
>
> Actually, I had every intention of rejecting that bug WONTFIX.
> I don't think it's a good idea to get into the business of carrying
> nontrivial feature patches that aren't upstream.
>
> (Yes, I know libjpeg upstream is kinda moribund, but if you want new
> features in it you should be trying to revive upstream development,
> not strongarm the Fedora package maintainer to take over development.)

I agree strongly with that principle.  Two questions:

A. What has been done thus far WRT reviving upstream development?

B. In the meantime, how should I support jpegtran?  Bundle a custom binary
in the subpackage and patch the module, or let it sit with known partial
functionality?

On a tangential note, IIRC this patch is in Debian's libjpeg, not that that
should be any sort of guideline for us, I'm just putting it out there.

> 			regards, tom lane
>


-- 
in your fear, speak only peace
in your fear, seek only love

-d. bowie



