[subversion-commit] SVN pkg-tetex-web commit + diffs: r1029 - pkg-tetex-web/trunk

Frank Küster frank at costa.debian.org
Mon Mar 13 17:36:33 UTC 2006 

Author: frank
Date: 2006-03-13 17:36:32 +0000 (Mon, 13 Mar 2006)
New Revision: 1029

Modified:
   pkg-tetex-web/trunk/sarge.html
Log:
update sarge.html to reflect backports.org upload

Modified: pkg-tetex-web/trunk/sarge.html
===================================================================
--- pkg-tetex-web/trunk/sarge.html	2006-03-13 16:19:00 UTC (rev 1028)
+++ pkg-tetex-web/trunk/sarge.html	2006-03-13 17:36:32 UTC (rev 1029)
@@ -24,7 +24,8 @@
 
 <body bgcolor="#ffffff" link="#cc0000" vlink="#0000ff">
 
-<table cellpadding="20" width="100%"><tbody><tr><td><h1><img src="../pics/tetex.png" alt="teTeX">Version 3.0 &nbsp; for Debian Sarge</h1></td><td style="border: medium outset blue; font-size: small; vertical-align: middle;" align="center">
+<table cellpadding="20" width="100%"><tbody><tr><td><h1><img
+  src="../pics/tetex.png" alt="teTeX"> version 3.0 &nbsp; for Debian Sarge</h1></td><td style="border: medium outset blue; font-size: small; vertical-align: middle;" align="center">
 </td></tr></tbody></table><br><br>
 
 
@@ -39,9 +40,21 @@
 Please read below about what we provide, and what we cannot promise</p>
 
 <h2>NEW!</h2>
-teTeX now uses libpoppler, see <a href="#caveats" >Caveats and shortcomings</a>
+<ul>
+  <li><p>teTeX Backports moving to <strong>www.backports.org</strong></p>
+  <p>From now on (about 2006-03-13), teTeX-3.0 backports will be
+  uploaded to <a href="http://www.backports.org"
+  >www.backports.org</a> to achieve greater visibility.  Please change
+  your <kbd>sources.list</kbd>entries as described in the
+backports.org <a href="http://www.backports.org/instructions.html"
+>Instructions</a>.</p>
+  </li>
 
+  <li>teTeX for sarge has reverted to statically linking
+its own xpdf code, see <a href="#caveats" >Caveats and
+shortcomings</a></li> </ul>
 
+
 <h2><a name="promises">What we provide</a></h2>
 <ul>
   <li>Packages are based on the version that is also in unstable</li>
@@ -66,18 +79,30 @@
 <h2><a name="caveats">Caveats and shortcomings: Security</a></h2>
 
 <ul>
-  <li><p>tetex-bin now uses libpoppler instead
-  of using its own copy of xpdf code.  This will make security fixes
-  much easier.  We have prepared backports of the required libraries
-  (libpoppler and libcairo2), but if it turns out that maintaining these backports
-  is not feasible, security updates might
-  become a big burden to the teT<sub>E</sub>X maintainance team.  Under
-  these circumstances, it is possible that we stop updating these
-  packages - of course a notice will be given at a prominent place
-  when this should happen.</p>
-  <p>On the other hand, we hope that backports of these packages will
-  soon be provided at an established backports site.  We will then
-  refer our users to use those better backports.</p>
+  <li><p>tetex-bin in testing and unstable now uses libpoppler instead
+  of statically linking to its own copy of xpdf code.  This will make
+security fixes
+  much easier.  Since we do not want to maintain backports of the required libraries
+  (libpoppler and libcairo2), especially not for an upload to <a
+  href="http://www.backports.org" >www.backports.org</a>, the
+  sarge backports still use their own copy of xpdf code.</p>
+
+  <p>Although our xpdf code currently contains most  security fixes,
+  this still means that those packages might not be as save as the
+  ones in stable and unstable.  On the other hand, the known issues in
+  xpdf only cause minor problems with pdfTeX: Upon inclusion of buggy,
+  possibly specifically manipulated PDF files, they might lead to
+  either unfinished PDF files, or to pdfTeX crashing, or, in the worst
+  case, to pdfTex consuming all available memory.  In most use cases,
+  this would be an annoyance, but not a security problem.  On the
+  other hand, if you are running a "pdfTeX server" that accepts
+  arbitrary input from untrusted users, you should know what you are
+  doing, anyway. </p>
+  <p>We hope that independent backports of libpoppler and libcairo will
+  be provided at <a
+  href="http://www.backports.org" >www.backports.org</a>.  We
+  will then again enable libpoppler use in the teT<sub>E</sub>X
+  backports.</p>
   </li>
   <li>
   Security updates will often be delayed compared to security updates
@@ -96,25 +121,17 @@
 keep in mind that we are primarily developing etch, the successor
 release of sarge, and that bug severities affect the migration into
 testing and inclusion of the package in the current candidate for
-etch. Therefore, severities of bugreports against such backports
-should be lowered:</p>
+etch. Therefore, severities of bugreports against such
+backports must be lowered by one or two degrees; bugs reported at
+release-critical severities will be downgraded promptly.</p>
 
-<ul>
-  <li>normal, minor or wishlist bugs should be reported with severity
-  "wishlist",</li>
 
-  <li>important bugs should be reported with severity "minor", and</li>
-
-  <li>grave, serious or critical bugs should be reported with severity
-  "normal". </li>
-
-</ul>
-
 <h2><a name="aptline">How to get them</a></h2>
 
-<p>To get the packages, add the following line to your sources list:</p>
+<p>Please follow the instructions at <a
+href="http://www.backports.org/instructions.html"
+>www.backports.org/instructions.html</a></p>
 
-<pre>deb http://people.debian.org/~frank/teTeX-3.0 sarge main</pre>
 
 
 <hr>

More information about the Pkg-tetex-commits mailing list