Quoting Maximiliano Curia (2012-11-24 13:49:30) > I'm not sure how to build [SWF] files, and the list of md5sums in the > yuilibrary page suggests that it's not expected that users build those. > The build process of yui deletes the distributed swf files, and generates > them again. But it doesn't rebuild the "charts.swf" file.
Beware that commonly upstream do not distinguish between (re)distributors and (end-)users. Debian Policy mandates that we compile from (true!) source, no matter if upstream encourages that or not. > Not generating the charts.swf file is a real security issue, since > this file is bundled in other packages (icinga-web and glpi), which > include the swf listed as version 2.8.2. Convenience copies of code from other upstream projects should always be reported to the security team, not only _when_ it becomes a security issue: please report above ones to the security team! > It would be a really good idea to build charts.swf from source, but > I'm not sure how to do it. Neither am I, but I know that Debian contains some SWF compilers... - Jonas
signature.asc
Description: signature
