Hi Paul, On Sun, Nov 21, 2010, paul.sz...@sydney.edu.au wrote (at bug#584653):
... I have backported it ... deb http://debian.jones.dk/ squeeze printingI have now upgraded a machine to squeeze and tried your ghostscript 9.00~dfsg-1~0jones1 package, it works perfectly, thanks.
[snip]
Could your package include the patch for bug #592569 also, to have -dSAFER as default?
It seems to me that Moritz's judgement particular on the issue of -dSAFER is sane, and that your later points of insecurity is a mashup of multiple issues, each of them track as separate bugs for Debian, and some of them solved by the new upstream release 9.00. Is that correct?
If so, what makes you persistently ask, when Moritz already explained the situation regarding this particular bug?
If not, please help by documenting clearly the security implications of THIS bug alone, testing against a packaging of ghostscript 9.00.
Thanks a lot for your persistence with all of this. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
