[Secure-testing-team] Bits from the Testing Security team
Hamish Moffatt
hamish at debian.org
Sun Oct 14 22:41:09 UTC 2007
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
> Embedded code copies
> --------------------
>
> There are a number of packages including source code from external
> libraries, for example poppler is included in xpdf, kpdf and others. To
FWIW, that's true but not the genealogy of the situation. Xpdf is the
original source of the PDF processing code which is in kpdf and the old
gpdf. The poppler guys took it to make the shared library.
Xpdf seems to continue to lead poppler in PDF processing ability so I
suspect poppler's authors continue to merge in changes. Unfortunately
Xpdf's author (upstream) has not been interested in providing a shared
library which would have made libpoppler obselete. (There are requests
for it in our BTS.)
So you are right that similar code is embedded in the library and in
Xpdf. I offer this note of explanation because suggesting that Xpdf
embeds code from poppler is an insult to Xpdf's upstream (which I know
you did not intend).
thanks,
Hamish
--
Hamish Moffatt VK3SB <hamish at debian.org> <hamish at cloud.net.au>
More information about the Secure-testing-team
mailing list