List: fedora-devel-list
Subject: Re: Orphan: mupdf/jbig2dec
From: Zdenek Dohnal <zdohnal () redhat ! com>
Date: 2017-05-31 8:45:17
Message-ID: 10528df0-62ab-539e-abb1-221076c29827 () redhat ! com
On 05/31/2017 08:32 AM, Rémi Verschelde wrote:
> 2017-05-31 8:24 GMT+02:00 Zdenek Dohnal <zdohnal@redhat.com>:
> > On 05/30/2017 01:19 PM, Dridi Boukelmoune wrote:
> > > On Tue, May 30, 2017 at 1:05 PM, Pavel Zhukov
> > > <landgraf@fedoraproject.org> wrote:
> > > > Hello.
> > > > Due to many CVEs and low quality/security of these packages as well as
> > > > Windows oriented upstream I'm going to orphan both jbig2dec and mupdf
> > > > packages in Fedora/EPEL. Sometimes the build doesn't reach stable branch just
> > > > because it's deprecated by new build with new CVE. Feel free to take them.
> > > It sounds more like something to retire instead, at least on Fedora...
> > At least mupdf is needed in cups-filters as BuildRequire - cups-filters
> > uses it in pdftopdf filter, so abandoning it would result in more
> > difficult PDF printing in Fedora. And as I can see jbig2dec is in
> > BuildRequires for mupdf, I should take it.
> For what it's worth, I briefly maintained mupdf in Mageia before
> deciding to drop it from Cauldron (our development release) for the
> same reasons that Pavel mentioned.
>
> If you want to keep mupdf, I would advise to patch away the mujstest
> program, which is the one affected by most CVEs against mupdf over the
> last couple of years. Without mupdf, you'd be down to patching
> security vulnerabilities every 2 months instead of every 2 weeks... :)
I disabled mupdf in cups-filters - problem solved. We can retire it at
least from the view of cups-filters.
>
> Regards,
> Rémi
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-leave@lists.fedoraproject.org
--
Zdenek Dohnal
Associate Software Engineer
Brno, Purkyňova 99, Czech Republic
RED HAT | TRIED. TESTED. TRUSTED.
Every telecommunications Company in the Fortune Global 500 relies on Red Hat.
Find out why at Trusted | Red Hat