2017-05-31 8:24 GMT+02:00 Zdenek Dohnal <zdohnal@xxxxxxxxxx>: > On 05/30/2017 01:19 PM, Dridi Boukelmoune wrote: >> On Tue, May 30, 2017 at 1:05 PM, Pavel Zhukov >> <landgraf@xxxxxxxxxxxxxxxxx> wrote: >>> Hello. >>> Due to many CVEs and low quality/security of these packages as well as Windows oriented upstream I'm going to orphan both jbig2dec and mupdf packages in Fedora/EPEL. >>> Sometimes the build doesn't reach stable branch just because it's deprecated by new build with new CVE. >>> Feel free to take them. >> It sounds more like something to retire instead, at least on Fedora... > At least mupdf is needed in cups-filters as BuildRequire - cups-filters > uses it in pdftopdf filter, so abandoning it would resolve in more > difficult PDF printing in Fedora. And as I can see jbig2dec is in > BuildRequires for mupdf, I should take it. For what it's worth, I briefly maintained mupdf in Mageia before deciding to drop it from Cauldron (our development release) for the same reasons that Pavel mentioned. If you want to keep mupdf, I would advise to patch away the mujstest program, which is the one affected by most CVEs against mupdf over the last couple of years. Without mupdf, you'd be down to patching security vulnerabilities every 2 months instead of every 2 weeks... :) Regards, Rémi _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
