Frederic Peters wrote: > Hello, > > xpdf has a long history of security problems, and got its code > duplicated in a lot of packages. All of this has to be tracked > by the security team and this is a serious burden. > > As Moritz wrote: > >>> the whole xpdf mess is just insane: There's another massive round >>> of security issues being found and it's certainly not the last. >>> I won't spend another 2-3 days for each maintenance round of this >>> junk, so we need to cut down the maintenance overhead now: > > > I am the maintainer of pdftohtml, it embeds code from xpdf, and can be > replaced by pdftohtml from poppler-utils; this has been the case in sid > for months (package got removed from sid/lenny in June) and nobody > complained about compatibility problems using the new poppler code. > > > We failed to manage the transition before Etch went out but it would > be appreciated to do it for a point release; Moritz wrote: > >>> I don't remember why we didn't make the transition to poppler-utils >>> inside Etch in time, but we need to it now in a point update. > > There is a pdftohtml package converted to be a transitional package > available at http://people.debian.org/~fpeters/pdftohtml/, interdiff > is attached to this message. It adds a NEWS file explaining the > situation. > > Could this issue be considered by the release team ?
Please upload. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
