Package: ftp.debian.org
Hi Moritz, hi Ondrej, hi ftp-masters,
Ondrej, ftp-master: this is discussion about removing the pdftohtml I
maintain since poppler builds a functional equivalent as part of
poppler-utils package.
It is triggered by Moritz wrt regular xpdf security issues (pdftohtml
embeds a copy of xpdf code).
I wrote:
> > Sorry I forgot to answer you. I had a look to poppler-utils pdftohtml
> > (from experimental) and the only difference is in the unit used for
> > dimensions and coordinates; this is only about XML output.
> >
> > This bugged me since I would have to update my scripts but I believe
> > this is minor with regards to security benefits we gain using a single
> > code base.
> >
> > So I would say you could create a transitional pdftohtml package from
> > poppler-utils and request removal of pdftohtml. Perhaps a NEWS.Debian
> > is approriate for this transitional package, with a note about unit
> > change.
And Moritz answered:
> As you're listed as maintainer and I'm busy with Security work, could
> you prepare that before Etch freeze? Otherwise we could make it RC and
> have it fixed as part of one the BSPs.
Request filed against ftp.debian.org.
Ondrej: once pdftohtml is removed, would you building a transitional
pdftohtml package with the appropriate NEWS.Debian ? I obviously can
prepare a NMU if you want.
Regards,
Frederic
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
