Hi On Fri, Jun 04, 2010 at 12:36:05AM +0200, Moritz Muehlenhoff wrote: > > Thanks for getting in touch, but we should rather fix this in ghostscript > once and for all than changing lots of packages using ghostscript. I've > contacted Ghostscript maintainers a few hours ago on the approach to be > taken.
How are you planning to fix this in ghostscript? I think this is not possible without changing ghostscript's behaviour in an incompatible way. If you want to make -dSAFER the default, then I at least would have to change my package again, because passepartout's usage of ghostscript relies on the fact, that postscript files run by ghostscript are able to read other files. I agree, that probably most packages using ghostscript don't use that feature, but I'm not sure if it's right to change this in a stable security update. If you change ghostscripts behavior in this way you should give packages like passepartout that rely on the old behaviour a change to release a fixed package through a security update at the same time. I also don't think that it's wise to deviate from ghostscript upstream on this. Changes to default options should be coordinated with upstream IMHO. Gaudenz -- Gaudenz Steinlin POnG Online Genossenschaft gaudenz.stein...@pong.ch -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
