Hi Paul,

On Sun, Nov 21, 2010, paul.sz...@sydney.edu.au wrote (at bug#584653):
... I have backported it ...
deb http://debian.jones.dk/ squeeze printing

I have now upgraded a machine to squeeze and tried your
ghostscript 9.00~dfsg-1~0jones1
package, it works perfectly, thanks.
[snip]
Could your package include the patch for bug #592569 also,
to have -dSAFER as default?

It seems to me that Moritz's judgement particular on the issue of -dSAFER is sane, and that your later points of insecurity is a mashup of multiple issues, each of them track as separate bugs for Debian, and some of them solved by the new upstream release 9.00. Is that correct?

If so, what makes you persistently ask, when Moritz already explained the situation regarding this particular bug?

If not, please help by documenting clearly the security implications of THIS bug alone, testing against a packaging of ghostscript 9.00.


Thanks a lot for your persistence with all of this.


- Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature

Reply via email to